The connection server
The connection server is a standing process or daemon that runs on all client machines. It is used to establish connections for all network services that communicate over TLI connection-oriented and dialup connections. The connection server is started automatically during initialization when the system goes to multi-user mode. It receives requests for network services from client machine applications, establishes connections to the server-machine ports associated with the requested services, and passes the connections back to the application. Before passing a connection to an application, the connection server may invoke an authentication scheme.
Connection server components
The following are the components an application programmer will be concerned with:
- An application interface to the standing server. The interface consists of library routines that make the connection over connection-oriented networks or using dialup connections, and an error reporting routine. These routines are described here and on the cs_connect(3N) and dials(3N) manual pages.
- An /etc/iaf/serve.allow file, maintained on the client machine. /etc/iaf/serve.allow contains a list of network services that client applications expect to use and the acceptable authentication scheme or schemes for each service. This file is optional if client applications do not authenticate server identities, that is, if client applications will accept any authentication scheme imposed by server machines. /etc/iaf/serve.allow is described in ``Administering the connection server''.
- An optional file, /etc/iaf/serve.alias, also maintained on the client machine. /etc/iaf/serve.alias contains a list of network service names and their aliases. The serve.alias file is described in ``Administering the connection server''.
- A non-standing network service, reportscheme, that tells client machine applications what authentication scheme to use for a requested network service. The reportscheme service must exist on each port monitor that offers network services if the server is to enforce authentication scheme invocation. reportscheme is described in ``Administering the connection server'' and on the reportscheme(1Mbnu) manual page.
- If Enhanced Security is installed, a LIDAUTH.map file. LIDAUTH.map is an attribute mapping file created by the client system administrator to control the levels at which a local process can communicate with a remote system. When a local process attempts to connect to a remote system, the connection server reads the LIDAUTH.map file to determine whether the connection is authorized at the level of the running process. If LIDAUTH.map contains a line that authorizes the connection, the connection server sends the request to the server. If LIDAUTH.map does not authorize a connection at the security level of the local process, the connection server does not pass the connection request to the server. If a system is running Enhanced Security and a LIDAUTH.map file does not exist, the connection server fails all outgoing connection requests. LIDAUTH.map is described in ``Administering the connection server''.
- A connection server log file in /var/adm/log/cs.log.
The Service Access Facility's administrative command pmadm is used to install, remove, or change authentication schemes on the server machine. The command is described on the pmadm(1M) manual page and in ``Administering port services''.
Details of connection server administration that are not covered in this topic can be found in ``Administering the connection server''.
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 27 April 2004