
Conference smurf::ase

Title: ase
Moderator: SMURF::GROSSO
Created: Thu Jul 29 1993
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 2114
Total number of notes: 7347

1531.0. "Digital UNIX 4.0 + DECSafe and C2 ?" by QCAV01::DEVARAJAN () Mon Aug 12 1996 14:35

1531.1. "" by XIRTLU::schott (Eric R. Schott USG Product Management) Mon Aug 12 1996 20:50 (6 lines)
1531.2. "For recommending this to an ISP...." by QCAV02::DEVARAJAN () Tue Aug 13 1996 06:54 (16 lines)
1531.3. "What if we take it up ourselves..." by QCAV02::DEVARAJAN () Tue Aug 20 1996 06:02 (18 lines)
1531.4. "" by COMICS::CORNEJ (What's an Architect?) Wed Feb 19 1997 08:27 (4 lines)
    Has this story changed since the base note?  Are there any plans yet?
    
    Jc
    
1531.5. "Internet AlphaServer ASE Login Service supports C2" by ZEKE::ranger.zko.dec.com::dilsworth (Keith Dilsworth) Thu Feb 20 1997 14:08 (42 lines)
The new version of IAS will only support DUNIX 4.0B and later.  I have
been modifying lkr_ase_cron and lkr_aseusersync to be perl scripts and
to support C2 security.  

The new scripts support a -v function which tells you every step that's
going on and what is being added/deleted/modified.  The stop switch is
still there in lkr_aseusersync to clean out /etc/passwd, /etc/group and
the C2 auth.db entries.  It can also be specified with a -s.  There is a
-u switch to specify the UID range (-u 1000 60000).  There is also a -g
switch to specify a GROUP to base ASE users on if you wish (-g
ASE_GROUP).  The group can also be specified in /etc/ias_ase.config with
the field "ASE_GROUP ase_group_name".  

The final switch in lkr_ase_usersync is a -d switch to specify a directory
other than /data/Lkr_Usr_/.admin for the ASE User entries 
(-d /nfs/crossmount/.admin).  With this switch it will only run if 
/etc/ias_passwd.date and /nfs/crossmount/.admin/ias_passwd.date are different.  
It will not set them the same.  This would allow it to be a cron job on both 
servers and only run on the backup server.

The operation is optimized to only replace what is necessary.  If
something doesn't change leave it alone.  The only thing they write to
disk are the new files (no working type files, everything is read into
a perl hash).  If there is a new /etc/passwd it is written to /etc/ptmp
and mkpasswd is run with /etc/ptmp/passwd and then the files are renamed
to /etc/...

To further C2 compliance lkr_aseusersync will only pick up passwd
modifications.  It will not update last login success or failure.

lkr_ase_cron will update all C2 fields in the ASE C2 database.  This
allows lkr_aseusersync to either update just the passwd fields or create
a new C2 entry with all fields if there is not currently an entry for
the user.  This means that if you don't use the -s switch with
lkr_aseusersync the C2 entry will have the login history for that
machine.  If you use the -s switch and not the -d switch with
lkr_aseusersync the login history will be for all servers.

Both scripts update /data/Lkr_USR/.admin/passwd.local and group.local
(even with the -d switch on lkr_aseusersync)
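
The update rules described in this note (a managed UID range as with -u 1000 60000, rewriting only what changed, writing the new file under a temporary name and renaming it, and running only when the two ias_passwd.date stamps differ as with -d), sketched in Python as an added example. This is not the IAS Perl code and is not part of the original note; the function names, the .ptmp suffix and the sample data are constructed, and only the passwd-format file is covered, not the C2 auth.db. Shared entries outside the UID range are ignored and local ones are kept, so the shared copy cannot add or alter root or other system accounts.

```python
import os
from pathlib import Path

# Constructed sample data, not taken from the note.
LOCAL = ("root:*:0:0:root:/:/bin/sh\n"
         "alice:*:1001:15:Alice:/u/alice:/bin/sh\n"
         "bob:*:1002:15:Bob:/u/bob:/bin/sh\n")
SHARED = ("toor:*:0:0:extra:/:/bin/sh\n"
          "alice:NEWHASH:1001:15:Alice:/u/alice:/bin/sh\n"
          "carol:*:1003:15:Carol:/u/carol:/bin/sh\n")

def parse_passwd(text):
    """Map login name -> the seven colon-separated passwd fields."""
    rows = (line.split(":") for line in text.splitlines())
    return {f[0]: f for f in rows if len(f) == 7}

def merge(local_text, shared_text, uid_min=1000, uid_max=60000):
    """Return (new_text, changes); only UIDs in the range are managed."""
    def managed(f):
        return f[2].isdigit() and uid_min <= int(f[2]) <= uid_max
    local, shared = parse_passwd(local_text), parse_passwd(shared_text)
    out, changes = [], []
    for name, f in local.items():
        new = shared.get(name)
        if not managed(f):
            out.append(f)                     # system account: leave alone
        elif new is None or not managed(new):
            changes.append(("delete", name))  # no longer a shared user
        else:
            if new != f:
                changes.append(("modify", name))
            out.append(new)
    for name, f in shared.items():
        if managed(f) and name not in local:
            changes.append(("add", name))
            out.append(f)
    return "".join(":".join(f) + "\n" for f in out), changes

def sync(local, shared, local_stamp, shared_stamp):
    """Merge only when the stamp files differ; the stamps are not modified."""
    if Path(local_stamp).read_text() == Path(shared_stamp).read_text():
        return []
    new_text, changes = merge(Path(local).read_text(), Path(shared).read_text())
    if changes:  # an unchanged file is left alone
        tmp = str(local) + ".ptmp"            # O_EXCL makes this a lock file too
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
        with os.fdopen(fd, "w") as fh:
            fh.write(new_text)
        os.replace(tmp, local)                # atomic rename, same directory
    return changes
```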


1531.6. "" by COMICS::CORNEJ (What's an Architect?) Wed Feb 26 1997 09:37 (4 lines)
    Is this ever likely to make it back into the base ASE product?
    
    Jc
    
1531.7. "" by ZEKE::ranger.zko.dec.com::dilsworth (Keith Dilsworth) Wed Feb 26 1997 15:27 (6 lines)
It was never part of the base ASE product.

Something similar should be included in the steel release of Digital 
UNIX.  Common cluster logon account.  No sure idea how they will 
implement it but it will most likely have a system passwd file and 
common cluster passwd file.