|
|
pmadm(1M) can be used to modify or remove authentication schemes (specified with -S "scheme"), and user IDs (specified with -i id).
For a given service, there may be non-null entries in either of these fields, in both fields, or in neither. Since authentication schemes can provide a user ID, it is important to understand when the user ID determined by the authentication scheme is used, versus when the user ID specified in the id field is used. The following table describes the four possible cases:
| Scheme | ID | Description |
|---|---|---|
| Specified | Null | Authentication is performed by the port monitor using the specified scheme. If authentication succeeds, the service is started with the ID determined by the scheme. If authentication fails, the service is not started. |
| Null | Specified | No authentication is performed by the port monitor. The service is started with the ID specified in the ``ID'' field. |
| Specified | Specified | The port monitor invokes the specified authentication scheme. If authentication succeeds, the service is started with the ID from the ``ID'' field. If authentication fails, the service is not started. |
| Null | Null | This is an error. The service will not start. |
When used with the -c option, the -S and -i options to pmadm manipulate the contents of the ``SCHEME'' and ``ID'' fields in the port monitor administrative file.
If either ``SCHEME'' or ``ID'' is null, the corresponding field will be empty and the authentication scheme or user ID will be effectively removed from the service line in the file.