XYGATE User Authentication Reference Manual
XYGATE
®
User Authentication
™
(XUA) 1.85 Reference Manual
Appendix A: The UACONF File
XYPRO Technology Corporation 216 Proprietary and Confidential
A18: EXPLICIT_NODES
This keyword tells XUA whether or not to determine if the process attempting the logon
on behalf of a user is local or remote and, if remote, determine remote node name.
Syntax:
EXPLICIT_NODES { ON | OFF }
If EXPLICIT_NODES checking is ON, you can specify wildcarded node name(s) as
well as specifying all remote access with the \* syntax when entering users in
ACLGROUPs or UAGROUPs. For example "\NY*" or "\LOSANG" can be used.
If EXPLICIT_NODES is OFF, only the \*(all nodes) is supported. EXPLICIT_NODES
OFF also turns off the trusted ancestor checking. This alternative is faster than
EXPLICIT_NODES ON.
Omit the \* when specifying users in the UAGROUPs to grant local access only.
The default value is OFF.
Note: When EXPLICIT_NODES is ON, ancestor checking occurs, which takes
substantial quantities of time on a slow network. This can cause Safeguard to
timeout while communicating to the XUA process. TIMEOUTs yield a result of
NO.
Example:
EXPLICIT_NODES OFF
Trusted Ancestor Checking:
The SEEP interface only receives information about whether a user was authenticated
locally or remotely, not the actual node where he or she was authenticated. To
determine the node of the user requires trusted ancestor logic ON, which follows the
process ancestor chain until it finds a process that has the authenticated bit set, which
tells which node the user authenticated on. In a complex network, this can consume a
lot of time and Safeguard may timeout while communicating to the XUA process. If it
does, Safeguard considers the result from XUA to be NO
Note: EXPLICIT_NODES should not be turned on unless you have a fast EXPAND
network and fast systems at each node, rather than a CLX or 112kb EXPAND
link.