XYGATE User Authentication Reference Manual

XYGATE® User Authentication (XUA) 1.85 Reference Manual
Appendix A: The UACONF File
XYPRO Technology Corporation, Proprietary and Confidential
A72: SUBJECT_LOOKUP
This keyword is required as a workaround for two Safeguard software anomalies:
1. The first anomaly causes Safeguard to send the underlying ID rather than an alias to the SEEP. If the keyword SUBJECT_LOOKUP is set to ON, then XYGATEUA will retrieve the real subject login name via a process info lookup of the process that is logging in. If this keyword is omitted, SUBJECT_LOOKUP will be set to OFF.
2. There is a field in the message from Safeguard to the SEEP that tells the SEEP whether the subject is locally authenticated, remotely authenticated or unauthenticated. Currently there is a Safeguard anomaly that always sets the value to “unauthenticated” for local users. This causes all subjects (the persons requesting the logon) to appear as local users. To work around this problem, use the SUBJECT_LOOKUP keyword to tell XUA whether to determine if the subject process is truly local or remote. If the process is remote, XUA will also determine the correct remote node (if EXPLICIT_NODES is set to ON); otherwise, the node will be entered as \UNKNOWN.
Syntax:
SUBJECT_LOOKUP { ON | OFF }
When SUBJECT_LOOKUP is set ON, XUA will do the following:
1. Determine the correct subject login name, using a process info lookup of the process that is logging in.
2. Determine if the process that is logging in is local or remote and, if remote, the node where the process is running.
When SUBJECT_LOOKUP is set OFF, XUA will not perform the process lookups, which causes:
- Aliases to appear as the underlying ID in Safeguard's audit trail.
- Local users to appear as unauthenticated in the message to the SEEP.
Example:
SUBJECT_LOOKUP ON
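
A configuration review can check the effective value of this keyword and report the audit-trail consequences listed above. The following Python check is an added example, not XYPRO code. It assumes one `KEYWORD value` pair per line as in the Example, that a repeated keyword takes its last value, and that "otherwise" in item 2 refers to EXPLICIT_NODES not being ON; the function names and sample files are hypothetical.

```python
import re

# Assumed layout: one "KEYWORD value" pair per line, as in the manual's Example.
# Lines that do not start with a tracked keyword are ignored.
_SETTING = re.compile(r"^\s*(SUBJECT_LOOKUP|EXPLICIT_NODES)\s+(\S+)", re.IGNORECASE)

def effective_settings(uaconf_text):
    """Return the effective values of the two keywords in a UACONF text."""
    # Per the manual, an omitted SUBJECT_LOOKUP is OFF. The default for
    # EXPLICIT_NODES is not given on this page, so None means "not set".
    settings = {"SUBJECT_LOOKUP": "OFF", "EXPLICIT_NODES": None}
    for line in uaconf_text.splitlines():
        m = _SETTING.match(line)
        if m:
            # Assumption: if a keyword is repeated, the last occurrence wins.
            settings[m.group(1).upper()] = m.group(2).upper()
    return settings

def audit_findings(uaconf_text):
    """List the audit-trail consequences the manual describes for this config."""
    s = effective_settings(uaconf_text)
    findings = []
    if s["SUBJECT_LOOKUP"] not in ("ON", "OFF"):
        findings.append("SUBJECT_LOOKUP has an invalid value: " + s["SUBJECT_LOOKUP"])
    elif s["SUBJECT_LOOKUP"] == "OFF":
        findings.append("aliases appear as the underlying ID in the Safeguard audit trail")
        findings.append("local users appear as unauthenticated in the message to the SEEP")
    elif s["EXPLICIT_NODES"] != "ON":
        # Interpretation of item 2: without EXPLICIT_NODES ON the node is \UNKNOWN.
        findings.append(r"remote subjects may be recorded with node \UNKNOWN")
    return findings

# Constructed sample files, not taken from a real system.
SAMPLE_OMITTED = "EXPLICIT_NODES ON\n"
SAMPLE_PARTIAL = "SUBJECT_LOOKUP ON\n"
SAMPLE_FULL = "SUBJECT_LOOKUP ON\nEXPLICIT_NODES ON\n"

if __name__ == "__main__":
    samples = [("omitted", SAMPLE_OMITTED), ("partial", SAMPLE_PARTIAL), ("full", SAMPLE_FULL)]
    for name, text in samples:
        print(name, audit_findings(text) or "no findings")
```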