Network services

Files

The following files may be used by the connection server:


/etc/netconfig
Network selection database file

/etc/net/transport_name/hosts
Name-to-address mapping hosts file

/etc/net/transport_name/services
Name-to-address mapping services file

/etc/inet/hosts
Name-to-address mapping hosts file for TCP. For compatibility, /etc/inet/hosts is linked to /etc/hosts.

/etc/inet/services
Name-to-address mapping services file for TCP. For compatibility, /etc/inet/services is linked to /etc/services.

/etc/iaf/serve.allow
Database of allowable authentication schemes and network services

/etc/iaf/serve.alias
Database of network services and their aliases

/var/adm/log/cs.log
Connection server log file

/var/adm/log/cs.debug
Connection server debug file

/etc/cs/auth
List of authentication schemes

Authentication scheme file

The connection server authentication file, /etc/cs/auth, is an optional file maintained by the system administrator. It lists the authentication scheme and imposer role associated with a particular (host, service, network) tuple. The system administrator does not need to, and in most cases will not, put information into this file. Typically, the connection server obtains the initial authentication information about a particular (host, service, network) tuple from the reportscheme service. The connection server retains this data in an internal cache so that the reportscheme service is not called again for subsequent network requests for the same tuple.

If for any reason the system administrator does not want the reportscheme service to be called for a particular (host, service, network) tuple, the authentication scheme information can be stored in /etc/cs/auth. When the connection server is started, it uses the information in /etc/cs/auth to initialize its internal cache.

The connection server authentication file is read only once, when the connection server starts up. If the system administrator changes the file while the connection server is running, the command cs -x must be issued from the command line to tell the connection server to read the authentication file again.


NOTE: Administrators of server machines must inform administrators of client machines of changes to the authentication scheme of a service from NULL to another scheme, such as cr1. Then, client machine administrators must either update the /etc/cs/auth file with the new scheme information and execute the cs -x command, or kill the cs daemon and then restart it so the internal cache will be rebuilt with the correct information.

To change the connection server authentication file, the system administrator should edit the file manually. The format of each line in the file is:

host<tab>service<tab>transport<tab>authentication scheme<tab>imposer role<newline>

When no scheme is required (sometimes referred to as a NULL scheme), the administrator indicates this by putting a dash (-) in the authentication scheme field. The "imposer role" field indicates that the client will act as either the responder (r) to the authentication process or as the imposer (i).

The following is an example of a small authentication file:

#host		service	trans.	auth		imposer
#						scheme	role
#
pelham	echo_tcp	tcp 		cr1 		r
pelham	cu		tcp		login		r
pelham	uucico	tcp		cr1		r
pelham	date		tcp		-		r

For more information on imposer role and authentication schemes, see "cr1 Bilateral Authentication Scheme".

Log file

The connection server logs information in the file /var/adm/log/cs.log on the client machine. A message is logged on startup.

Any time a connection request fails, the reason for failure is written to the log file. In addition, for each connection requested through cs_connect(3N) or dials(3N), a message is logged containing the following data: time, date, user ID, group ID, process level (if MAC is installed), network service requested, name of server machine, and status of request (success or failure). For example:

04/23/91 17:08:39;  2293; connection not permitted by /etc/idmap/attrmap/LIDAUTH.map
04/23/91 17:08:39;  2293; Request by process uid<114> gid<1> at level USER_LOGIN
04/23/91 17:08:39;  2293;   for service<sec_call> on host<pelham> FAILED
04/23/91 17:11:37; 26386; Request by process uid<114> gid<1> at level USER_LOGIN
04/23/91 17:11:37; 26386;   for service<date> on host<laertes> SUCCEEDED

The number immediately following each date and time (for example, 26386 in the last line) is the process ID of the process that the connection server daemon spawned to handle the connection request.

Debug file

If the connection server is invoked with the debug option, the connection server daemon will write debug information to /var/adm/log/cs.debug. The command line used is:

/usr/sbin/cs -d


© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 27 April 2004