The SunVTS user interface running on one host can control the SunVTS kernel running on a system under test, often referred to as SUT. The user interface has to connect to the SunVTS kernel before it can control the SunVTS kernel (see "Host (Connect to) Button" for more information).
The SunVTS kernel authenticates connect requests from the SunVTS interfaces based on one of the following attributes:
The host from which the request is initiated--if this host belongs to the list of trusted hosts specified, then this request is granted without any authentication.
The group <groupname> to which the user belongs--this is the user who initiates the Connect to request from a SunVTS user interface to the SunVTS kernel. If this group is in the list of groups specified, then the user interface prompts the user for a password. The SunVTS kernel compares this password against the system's databases on the system being tested. If the password does not match, or if the user is not on the list, then the connection is rejected.
The user <username> who initiates the Connect to request using a SunVTS user interface to the SunVTS kernel (vtsk)--if this user is in the list of users specified, then the user interface prompts the user for a password. The SunVTS kernel compares this password against the system's databases on the system being tested. If the password does not match or the user is not on the list, then the connection is rejected.
The lists of hosts, groups, and users are specified in the security file, .sunvts_sec, which is installed in <SunVTS3.0 install directory>/bin. A plus (+) entry in one of these lists means all hosts, groups, or users, respectively. A template of the security file (.sunvts_sec) is located in <SunVTS3.0 install directory>/bin.
To enable security checking, remove the plus (+) sign, which is the default entry, from the HOSTS section of .sunvts_sec.
The following table shows a security file template.
Security File Template
    #This file should be <SunVTS3.0 install directory>/bin/.sunvts_sec
    #
    #Any line beginning with a # is a comment line
    #
    # Trusted Hosts entry
    # One hostname per line.
    # A "+" entry on a line indicates that ALL hosts are Trusted Hosts.
    # No password authentication is done.
    # The line with the label HOSTS: is required to have the list of hosts
    #
    #HOSTS:
    +
    #host1
    #host2
    #
    # Trusted Groups entry
    # One groupname per line.
    # A "+" entry on a line indicates that ALL groups are Trusted Groups.
    # User password authentication is done.
    # The line with the label GROUPS: is required to have the list of groups
    #
    #GROUPS:
    #group1
    #
    # Trusted Users entry
    # One username per line.
    # A "+" entry on a line indicates that ALL users are Trusted Users.
    # User password authentication is done.
    # The line with the label USERS: is required to have the list of users.
    #USERS:
    #user1
    #user2
The SunVTS kernel authenticates the requests based on the entries in the security file. All access except root is denied on the local machine if the security file entry is invalid or if there is no entry in the file. You can correct an entry in this file even when the SunVTS kernel is running. When you specify the -e option with the SunVTS kernel, then the SunVTS kernel accepts Connect to requests from any host, regardless of the user identification of the SunVTS User Interface process that is initiating it.
The user password needed for authentication purposes by vtsk is the same password used to log in to the system you are testing.
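The following added example (not SunVTS code) parses a .sunvts_sec file, models the connect decision described above, and flags entries that bypass password authentication. The function names, the sample files, and the group and user names are constructed. It assumes that a label line may be written with a leading # as in the template, and that the trusted-host check is applied before the user and group checks.

```python
import re

# Assumption: a label line may carry a leading '#', as the template shows.
LABEL = re.compile(r"^#?\s*(HOSTS|GROUPS|USERS):\s*$")

def parse_sec(text):
    """Return the HOSTS, GROUPS and USERS entries found in .sunvts_sec text."""
    policy = {"HOSTS": set(), "GROUPS": set(), "USERS": set()}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = LABEL.match(line)
        if m:
            section = m.group(1)
        elif line and not line.startswith("#") and section:
            policy[section].add(line)       # one entry per line
    return policy

def decide(policy, host, user, groups):
    """Model of the connect decision in the text; host-first order is assumed."""
    if "+" in policy["HOSTS"] or host in policy["HOSTS"]:
        return "grant-no-password"          # trusted host: no authentication
    if "+" in policy["USERS"] or user in policy["USERS"]:
        return "password-required"
    if "+" in policy["GROUPS"] or policy["GROUPS"] & set(groups):
        return "password-required"
    return "reject"

def audit(policy):
    """List the entries an administrator should review."""
    findings = []
    if "+" in policy["HOSTS"]:
        findings.append("HOSTS contains '+': every host connects without a password")
    for h in sorted(policy["HOSTS"] - {"+"}):
        findings.append(f"host {h} connects without a password")
    if not any(policy.values()):
        findings.append("no entries: all access except root is denied")
    return findings

# Constructed sample files: the shipped default and a tightened variant.
DEFAULT = "#HOSTS:\n+\n#host1\n#GROUPS:\n#group1\n#USERS:\n#user1\n"
HARDENED = "#HOSTS:\n#GROUPS:\nsysadmin\n#USERS:\nvtsop\n"

if __name__ == "__main__":
    for name, text in (("default", DEFAULT), ("hardened", HARDENED)):
        print(name, audit(parse_sec(text)))
```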