XYGATE Access Control Reference Manual

Chapter 2. Configuring XAC
XYPRO Technology Corporation 33 Proprietary and Confidential
Important! The process that executes the XYGATEAC program (usually the user's TACL)
must be a named process so that XYGATEAC can validate that the user completed a
NonStop Kernel level authentication.
All nodes having NonStop Kernel users needing network XAC access must specify the
same object code filename for the XYGATEAC object file (on a disk and subvolume of
the same name), and all nodes must specify the same process name (that is, $ACDB)
for DBSO. This is done during the installation process and can be done during a
re-install or update of the XYGATEAC software. If you change the location, you must
move your existing ACCONF, ACCONFCO and ACACL files to the new location.
For security reasons, XAC will declare any ACACL Command Entry invalid if any
invalid userid is used (or if a userid is deleted) or if any syntax error is
encountered in an ACL keyword definition.
The following sections define the methods for configuring and executing XAC so that
your local security requirements are met.
2.5 Using XAC with DP (Defined Process)
Any defined XAC command can be run as a background server process via the HP
Define Process utility, so that a user at the TACL prompt can communicate with other
background processes without having to exit the XAC process. You will see the
pstart: message when the XAC command is started as a background process.
If the executed XAC command is defined with a TIMEOUT, then the XAC command
will be stopped after the timeout period.
After the timeout, if a user enters a PNAME, then DP will start a new background
process for the timed-out XAC and display XAC - <Timeout>, as shown in Example 5
below (XAC Timeout example).
To use the DP commands from a TACL process, the TACL must be a named process, and
the DP directory must be added to #USELIST so that TACL is able to execute DP
variables.
Example 1: Add DP directory to #USELIST
$VIK IK 7> #SET #USELIST [#USELIST] :UTILS.1:DP.1
Note: For more information about HP DP, refer to the HP Define Process Manual, part
number 131360.
Example 2: XAC Command entries
COMMAND FUP-255
! THIS COMMAND IS USED TO EXECUTE FUP AS SUPER.SUPER
DESCRIPTION "FUP AS SUPER.SUPER"