Manualshelf

OSI/FTAM Configuration and Management Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series
919293949596979899100
Planning, Installing, and Configuring Tandem FTAM
OSI/FTAM Configuration and Management Manual421944-001
3-19
Security of Files in a Tandem Responder’s Virtual
Filestore (VFS)
Security of Files in a Tandem Responder’s Virtual
Filestore (VFS)
When setting up Tandem FTAM responder processes, you must determine how you want
to control access to each responder and its virtual filestore (VFS). Security on Tandem
systems is enforced by the Tandem NonStop Kernel, the Expand network operating
software, and the Safeguard system-software security package, if used. The optional
Safeguard security software extends the security features of the operating system and
provides flexibility—for example, in identifying which users can access a given disk
file.
The following subsections explain how Tandem security software governs access to a
Tandem FTAM responder and its VFS:
Logon Access on this page
Disk-File Access on page 3-21
Mapping of FTAM File-Security Attributes to Guardian Security Settings on
page 3-22
This information serves as background to help you plan how to secure files for
remote access through FTAM, understand how the Tandem responder secures files
remotely created or modified through FTAM, and decide whether to configure the
DEFUSER attribute in your VFS profiles.
Logon Access
Each FTAM association with a Tandem responder has a Guardian user ID associated
with it. This user ID can also be authenticated by a Guardian logon password. The user
ID and password for access to a Tandem responder can be specified in two different
ways: by the remote application in the F-INITIALIZE request or by default in the
responder configuration.
To specify a default user ID and password, you use the DEFUSER attribute in your VFS
PROFILE configuration. If you provide a user ID and password in this attribute, remote
users do not need to send user IDs and passwords across the OSI network to access a
responder process using its address. A remote application that does not specify a user ID
and password is granted the access privileges of the default user ID. However, a remote
user can supply a user ID and password to obtain access privileges that are different
from those of the default user ID. Note that the default volume and subvolume of the
effective user ID (initiator ID), whether it comes from the DEFUSER attribute or the
F-INITIALIZE request, are used to qualify any filenames for which a volume and
subvolume are not specified in the request.