The following files may be used by the connection server:
The connection server Authentication file or /etc/cs/auth is an optional file maintained by the system administrator that lists the authentication scheme and imposer role associated with a particular host, service, network tuple. The system administrator does not need to, and in most cases will not, put information into this file. Typically, the connection server obtains the initial authentication information about a particular host, service, network tuple from the reportscheme service. The connection server retains this data in an internal cache so that the reportscheme service will not be called in subsequent network requests for the same host, service, network tuple.
If for any reason the system administrator does not want the reportscheme service to be called for a particular host, service, network tuple, the authentication scheme information can be stored in /etc/cs/auth. When the connection server is started, it uses the information in /etc/cs/auth to initialize its internal cache.
The connection server authentication file is read only once, when the connection server is started. If the system administrator changes the file while the connection server is running, the command cs -x must be issued from the command line to tell the connection server to read the authentication file again.
To change the connection server authentication file, the system administrator should edit the file manually. The format of each line in the file is:
host<tab>service<tab>transport<tab>authentication scheme<tab>imposer role<newline>

When no scheme is required (sometimes referred to as a NULL scheme), the administrator indicates this by putting a dash (-) in the authentication scheme field. The ``imposer role'' field indicates that the client will act as either the responder (r) to the authentication process or as the imposer (i).
The following is an example of a small authentication file:
#host    service   trans.  auth     imposer
#                          scheme   role
#
pelham   echo_tcp  tcp     cr1      r
pelham   cu        tcp     login    r
pelham   uucico    tcp     cr1      r
pelham   date      tcp     -        r

For more information on imposer role and authentication schemes, see ``cr1 Bilateral Authentication Scheme''.
The connection server logs information in the file /var/adm/log/cs.log on the client machine. A message is logged on startup.
Any time a connection request fails, the reason for failure is written to the log file. In addition, for each connection requested through cs_connect(3N) or dials(3N), a message is logged containing the following data: time, date, user ID, group ID, process level (if MAC is installed), network service requested, name of server machine, and status of request (success or failure). For example:
04/23/91 17:08:39; 2293; connection not permitted by /etc/idmap/attrmap/LIDAUTH.map
04/23/91 17:08:39; 2293; Request by process uid<114> gid<1> at level USER_LOGIN
04/23/91 17:08:39; 2293; for service<sec_call> on host<pelham> FAILED
04/23/91 17:11:37; 26386; Request by process uid<114> gid<1> at level USER_LOGIN
04/23/91 17:11:37; 26386; for service<date> on host<laertes> SUCCEEDED

The number immediately following each date and time (for example, 26386 in the last line) is the process ID of the process that the connection server daemon spawned to handle the connection request.
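Because one request spans several log lines that share a process ID, reviewing failures means regrouping lines by that ID. The following is an added example, not part of the original documentation: a Python sketch that rebuilds one record per request and lists the failed ones. It assumes the status line (FAILED or SUCCEEDED) is the last line logged for a request and that the "at level" clause is simply absent when MAC is not installed; the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Log lines copied from the excerpt on this page, used as inline sample input.
SAMPLE_LOG = """\
04/23/91 17:08:39; 2293; connection not permitted by /etc/idmap/attrmap/LIDAUTH.map
04/23/91 17:08:39; 2293; Request by process uid<114> gid<1> at level USER_LOGIN
04/23/91 17:08:39; 2293; for service<sec_call> on host<pelham> FAILED
04/23/91 17:11:37; 26386; Request by process uid<114> gid<1> at level USER_LOGIN
04/23/91 17:11:37; 26386; for service<date> on host<laertes> SUCCEEDED
"""

LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d); (\d+); (.*)$")
# Assumption: without MAC the "at level ..." clause is omitted entirely.
WHO = re.compile(r"^Request by process uid<(\d+)> gid<(\d+)>(?: at level (\S+))?$")
WHAT = re.compile(r"^for service<([^>]*)> on host<([^>]*)> (FAILED|SUCCEEDED)$")

def parse_requests(text):
    """Group cs.log lines by handler PID and return one dict per request."""
    open_recs, done = OrderedDict(), []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # startup message or a line in another layout
        when, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        rec = open_recs.setdefault(pid, {"pid": pid, "time": when, "reasons": []})
        if (who := WHO.match(msg)):
            rec["uid"], rec["gid"] = int(who.group(1)), int(who.group(2))
            rec["level"] = who.group(3)  # None when no level was logged
        elif (what := WHAT.match(msg)):
            rec["service"], rec["host"], rec["status"] = what.groups()
            # Assumption: the status line ends the record, so a reused PID
            # later in the file starts a fresh record.
            done.append(open_recs.pop(pid))
        else:
            rec["reasons"].append(msg)  # free-text reason for failure
    return done

def failed(requests):
    """Return only the requests the connection server reported as FAILED."""
    return [r for r in requests if r["status"] == "FAILED"]

if __name__ == "__main__":
    for r in failed(parse_requests(SAMPLE_LOG)):
        print(r["time"], r["pid"], r.get("uid"), r["service"], r["host"], r["reasons"])
```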
If the connection server is invoked with the debug option, the connection server daemon will write debug information to /var/adm/log/cs.debug.
The command line used is:
/usr/sbin/cs -d