Administrator's Guide

Figure 8-1 HP-UX RBAC Architecture

[Figure: architecture diagram. Labeled components: privrun, privedit; access-control aware applications; Access Control Policy Switch (ACPS), ACPS API, ACPS SPI; Local RBAC ACPM; Other Policy ACPM; Command, Auth Privilege Database; User Role Database; Role Authorization Database; Valid System Roles; Valid System Auths; /usr/sbin/cmdprivadm, /usr/sbin/roleadm, /usr/sbin/authadm, /usr/sbin/rbacdbck; User Information (for example /etc/passwd); PAM, Name Service Switch; PAM Service Modules. Key: Privilege Wrapper Commands, Access Control Switch, RBAC, Future, Existing Components.]

8.3.6 HP-UX RBAC Example Usage and Operation
Figure 8-2 and the subsequent footnotes show a sample invocation of privrun and the
configuration files that privrun uses to determine whether a user is allowed to invoke
a command.
150 HP-UX Role-Based Access Control