SAS Safety Scalable Performance Data Server 4.5 Manual Do Utilizador
Here are some options for establishing the appropriate UNIX user ID for your SPD Server
processes:
processes:
Establish a dedicated UNIX account for the SPD Server administrator. Always execute the
rc.spds script from that account.
rc.spds script from that account.
The rc.spds script that starts the SPD Server processes should use the setuid bit. It does not
matter who executes the script, the user ID of the shell executing the script is the script
owner. This ensures that SPD Server processes run with the correct UNIX user ID.
matter who executes the script, the user ID of the shell executing the script is the script
owner. This ensures that SPD Server processes run with the correct UNIX user ID.
At system startup, use the UNIX
su
command to establish the proper UNIX user ID for
the shell that executes the rc.spds script. To start the environment manually, you must enter
the password for each UNIX account in your
the password for each UNIX account in your
su
command, unless you are root when you
execute the
su
command.
SPD Server User IDs
The SPD Server system uses its own layer of access controls that overlay UNIX access
permissions. SPD Server processes run in the context of a UNIX user ID, and that user
owns all of the resulting SPD Server file resources that are created.
permissions. SPD Server processes run in the context of a UNIX user ID, and that user
owns all of the resulting SPD Server file resources that are created.
The SPD Server password file allows better access control to SPD Server's data resources
than a native UNIX user ID. Many sites do not want to give UNIX accounts to SPD Server
system users, but still want protection and ownership of the data resources created in the
SPD Server environment. In this case, SPD Server user IDs provide the extra layer of access
control.
than a native UNIX user ID. Many sites do not want to give UNIX accounts to SPD Server
system users, but still want protection and ownership of the data resources created in the
SPD Server environment. In this case, SPD Server user IDs provide the extra layer of access
control.
The SPD Server administrator needs to be familiar with the psmgr utility in SPD Server.
If you do not use SPD Server user IDs, you still need the SPD Server password file. Without
the SPD Server password file, the SPD Server host process does not function correctly. To
disable the use of SPD Server user IDs at your site, specify the -NOACL option when you
start SPD Server.
the SPD Server password file, the SPD Server host process does not function correctly. To
disable the use of SPD Server user IDs at your site, specify the -NOACL option when you
start SPD Server.
If you use SPD Server user IDs, add them to the SPD Server password file that was created
during installation. The
during installation. The
psmgr
command reads its commands from stdin so you can pipe
commands to it from another command, script, or input file.
LDAP Password Authentication
LDAP Authentication causes SPD Server to authenticate an SPD Server user password
using LDAP, rather than using the password in the password database. LDAP
authentication allows an SPD Server user to have the same user ID and password as their
UNIX logon, as long as the UNIX logon meets the SPD Server character restrictions for
user IDs and passwords.
using LDAP, rather than using the password in the password database. LDAP
authentication allows an SPD Server user to have the same user ID and password as their
UNIX logon, as long as the UNIX logon meets the SPD Server character restrictions for
user IDs and passwords.
You can select the mode of password authentication with server parameters. You can
choose between using psmgr or LDAP. Once selected, all authentication is performed using
the selected mode. When you use LDAP authentication, an SPD Server user must be entered
in the SPD Server password database, in order to maintain other information that SPD
Server requires, such as a user's groups and access levels.
choose between using psmgr or LDAP. Once selected, all authentication is performed using
the selected mode. When you use LDAP authentication, an SPD Server user must be entered
in the SPD Server password database, in order to maintain other information that SPD
Server requires, such as a user's groups and access levels.
For more information about SPD Server LDAP authentication, see "SPD Server Password
Manager."
Manager."
LDAP Password Authentication
33