|
|
This section describes authentication scheme administration on a server machine.
The authentication scheme for a network service is registered using the port monitor administrative command pmadm(1M). Each network service under the Service Access Facility is associated with a port under a given port monitor. The port monitor administrative command adds, removes, or maintains services by adding, removing, or changing lines in a port monitor's administrative file. (See ``Administering port services'' and pmadm(1M) for more information.)
The system administrator must register
the authentication scheme for a service.
If the service exists on the system,
this is done using
the port monitor administrative command, pmadm,
with the -c and -S scheme options.
If an authentication scheme
has not already been associated with the service,
scheme will be entered in
the ``scheme'' field of
the port monitor's administrative file.
If an authentication scheme
has already been associated with the service,
the same command
will replace the existing scheme with scheme.
A pmadm command line in the following form
will remove an authentication scheme for a service:
pmadm -c -S "" -s svctag -p pmtag
If the service does not yet exist, the name of the authentication scheme associated with it may be included on the command line that adds the service. In this case, -S scheme is included as one of the arguments on the pmadm -a command line.
After the authentication scheme name has been included in the ``scheme'' field of the port monitor's administrative file, it is available to the connection server on the client machine by way of the reportscheme service.