XYGATE Access Control Reference Manual

XYPRO Technology Corporation 29 Proprietary and Confidential
Chapter 2. Configuring XAC
This chapter describes the procedures for configuring XAC by creating new command
entries and modifying the ACCONF and ACACL files.
2.1 Creating New Command Entries
XAC is delivered with a sample ACCONF and ACACL fileset that provides a minimum
level of functionality. This chapter describes how to change these two files and how
you can develop your own commands.
2.1.1 ACCONF
The ACCONF file configures how XAC functions. The first ACCONF for your
installation is built as part of the installation process. Appendix A: The ACCONF File
provides more information about this file.
2.1.2 ACACL
The ACACL file installed with the software is a sample ACACL file that contains
ACACL Command Entries for most of the common tasks on a system. It also has a
few ACLGROUPs designed for your use in profiling your users. Appendix C: The
ACACL File provides more information about this file.
ACLGROUPs in the ACACL File
The ACLGROUPs in the ACACL file are common groups that most sites use. These
groups are referred to in the ACACL Command Entries discussed in section 2.1.3. You
can use these groups or create new ones as needed for your security implementation.
Group Name   Purpose
$EVERYONE    This profile contains every NSK userid and every Safeguard ALIAS
             defined for all nodes in the network. Use it when you define a
             command that everyone will need to use.
$SUPER       This profile is used to specify which users will get to use the
             commands in the ACACL file that execute under the SUPER.SUPER
             userid. In the beginning, you have to add your userid to this
             ACLGROUP.
$GRPMGR      This profile contains the NSK userid for group managers: *,255.
             This allows easy definition of commands for group managers.
$SECURITY    This profile is used to specify which users will get to use the
             commands in the ACACL file that will be defined for Information
             Security only, such as the command that lets you edit the ACACL
             file. In the beginning, you have to add your userid to this
             ACLGROUP.