SSH Reference Manual
Arguments
<group>.<user>
The Guardian logon name of the account that will have full SSHCOM access. Logon ids and alias names are not
supported.
Default
By default, none of the parameters are set, i.e. only users configured in the Safeguard OBJECTTYPE USER record (if
such exists) and super.super (unless explicitly denied in OBJECTTYPE USER) can access privileged commands.
Example
FULLSSHCOMACCESSUSER1 admin.joe
FULLSSHCOMACCESSUSER2 admin.jim
FULLSSHCOMACCESSUSER3 super.jane
Considerations
• Some of the privileged commands in SSHCOM are critical to the security of the system. Therefore granting
access to other user accounts than super.super must be carefully considered.
• The user super.super has always full access to all SSHCOM commands unless explicitly denied in
OBJECTTYPE USER record. Therefore it is not required to add super.super to the list of
FULLSSHCOMACCESSUSER
parameters.
• The parameters must be set contiguously, i.e. if one parameter FULLSSHCOMACCESSUSER<k> is not
defined the checking of FULLSSHCOMACCESSUSER<i> parameters stops.
• This parameter set is disabled if a thawed OBJECTTYPE USER record exists in Safeguard, i.e. any
FULLSSHCOMACCESSUSER<i> parameter configuration is ignored in this case.
See also
• FULLSSHCOMACCESSGROUP<j>
• See table in “SSHCOM Access Summary” in section "SSHCOM Command Reference".
GSSAUTH
Use this parameter to enable GSSAPI authentication in accordance with the RFC 4462.
Parameter Syntax
GSSAUTH * | gssauth-process-name
Arguments
*
GSSAPI user authentication is disabled
Gssauth-process-name
The process name of the GSSAUTH interface process that provides the GSSAPI functionality for SSH2.
Default
By default, GSSAPI authentication is disabled (*).
Example
GSSAUTH $GSS
Considerations
HP NonStop SSH Reference Manual Configuring and Running SSH2 • 79