Synchronizing Authorization Data
» Table of Contents |  | | » Glossary | | | » Index | | |
| | |
| ||
| ||
On a cluster, all elements of the user authorization data should exist in a common database. These authorization elements include the system user authorization files (SYSUAF.DAT and its backup SYSUAFALT.DAT), the rights database (RIGHTSLIST.DAT), the network authorization file (NETPROXY.DAT) and its object database file (NETOBJECTS.DAT), which are present on all OpenVMS systems, and optionally, the autologin file, SYSALF.DAT.
A secure cluster requires that the authorization data be synchronized across all nodes. If a site chooses to maintain multiple versions of these files, then you must synchronize the data. Each user should have the same UIC, group number, and set of identifiers defined on every node. Coordination of privileges and access rights is also critical. A shared disk is protected only as much as its least protected node. If you maintain separate authorization files on each node in the cluster, ensure that user privileges are common across all copies of the system user authorization file (SYSUAF.DAT). Table 11-4 “Fields in SYSUAF.DAT Requiring Synchronization” lists the fields of SYSUAF.DAT that must be identical on each node.
Table 11-4 Fields in SYSUAF.DAT Requiring Synchronization
| Internal Name | $SETUAI Item Code |
|---|---|
UAF$R_DEF_CLASS | UAI$_DEF_CLASS |
UAF$Q_DEF_PRIV | UAI$_DEF_PRIV |
UAF$B_DIALUP_ACCESS_P | UAI$_DIALUP_ACCESS_P |
UAF$B_DIALUP_ACCESS_S | UAI$_DIALUP_ACCESS_S |
UAF$B_ENCRYPT | UAI$_ENCRYPT |
UAF$B_ENCRYPT2 | UAI$_ENCRYPT2 |
UAF$Q_EXPIRATION | UAI$_EXPIRATION |
UAF$L_FLAGS | UAI$_FLAGS |
UAF$B_LOCAL_ACCESS_P | UAI$_LOCAL_ACCESS_P |
UAF$B_LOCAL_ACCESS_S | UAI$_LOCAL_ACCESS_S |
UAF$B_NETWORK_ACCESS_P | UAI$_NETWORK_ACCESS_P |
UAF$B_NETWORK_ACCESS_S | UAI$_NETWORK_ACCESS_S |
UAF$B_PRIME_DAYS | UAI$_PRIMEDAYS |
UAF$Q_PRIV | UAI$_PRIV |
UAF$Q_PWD | UAI$_PWD |
UAF$Q_PWD2 | UAI$_PWD2 |
UAF$Q_PWD_DATE | UAI$_PWD_DATE |
UAF$Q_PWD2_DATE | UAI$_PWD2_DATE |
UAF$B_PWD_LENGTH | UAI$_PWD_LENGTH |
UAF$Q_PWD_LIFETIME | UAI$_PWD_LIFETIME |
UAF$B_REMOTE_ACCESS_P | UAI$_REMOTE_ACCESS_P |
UAF$B_REMOTE_ACCESS_S | UAI$_REMOTE_ACCESS_S |
UAF$R_MAX_CLASS | UAI$_MAX_CLASS |
UAF$R_MIN_CLASS | UAI$_MIN_CLASS |
UAF$W_SALT | UAI$_SALT |
UAF$L_UIC | Not applicable |
Use SYSMAN if you choose to create an autologin file and maintain the file in the common authorization database with your authorization files and rights database. On clustered systems, the autologin file must include the cluster node name as a prefix to the terminal name. For example, the terminal TTA0 on node WILLOW would be represented as WILLOW$TTA0. See “Using the System Management Utility” for an overview of SYSMAN.