Administering the connection server

The authentication scheme file

The connection server authentication file, /etc/cs/auth, is an optional file, maintained by the system administrator, that lists the authentication scheme and role associated with a particular (host, service, network) tuple. The system administrator does not need to (and in most cases will not) put information into this file. Typically, the connection server obtains the initial authentication information about a particular (host, service, network) tuple from the reportscheme service. The connection server retains this data in an internal cache, so the reportscheme service is not called again on subsequent network requests for the same (host, service, network) tuple.

If, for any reason, the system administrator does not want the reportscheme service to be called for a particular (host, service, network) tuple, the authentication scheme information can be stored in /etc/cs/auth. When the connection server is started, it uses the information in /etc/cs/auth to initialize its internal cache.

The connection server authentication file is read only once when the connection server is started up. If the system administrator changes the file while the connection server is running, the command

cs -x

must be issued from the command line to tell the connection server to read the authentication file again. See cs(1Mbnu) for further information on cs.

NOTE: Administrators of server machines that do not offer the reportscheme service must inform administrators of client machines of changes to the authentication scheme of a service from NULL to another scheme, such as cr1. Then client machine administrators must either update the /etc/cs/auth file with the new scheme information and execute the cs -x command or kill the cs daemon and then restart it, so that the internal cache will be rebuilt with the correct information.

To change the connection server authentication file, the system administrator should manually edit the file. The format of the file comprises lines of tab-separated fields:

host service transport authentication_scheme imposer_role

When no scheme is required (sometimes referred to as a null scheme), the administrator indicates this by putting a dash (-) in the authentication scheme field. The ``imposer_role'' field indicates whether the client will act as the responder (r) in the authentication process or as the imposer (i).

An example of a small authentication file is shown:

   #host    service     transport     authentication scheme     imposer role
   pelham   echo_tcp    tcp           cr1                       r
   pelham   cu          tcp           -                         r
   pelham   uucico      tcp           cr1                       r
   pelham   date        tcp           -                         r

Example of a small authentication file

For more information on imposer role and authentication schemes, see ``cr1 Bilateral Authentication Scheme''.
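
The following Python check is an added example, not part of the SCO documentation or the cs code. It parses a file in the five-field, tab-separated format described above, reports malformed lines, and lists entries that use the null scheme, which are the ones to re-verify when a server that does not offer reportscheme changes a service from NULL to another scheme. The function names, the treatment of # lines as comments, and the two malformed sample lines are assumptions made for illustration.

```python
# Added example: audit an /etc/cs/auth-style file. Not vendor code.
FIELDS = ("host", "service", "transport", "scheme", "role")

def parse_auth(text):
    """Return (entries, problems) for the text of an authentication file."""
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Assumption: blank lines and lines starting with '#' are ignored,
        # as the '#host ...' header in the page's sample suggests.
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("\t")]
        if len(parts) != len(FIELDS) or "" in parts:
            problems.append((lineno, "expected 5 non-empty tab-separated fields"))
            continue
        entry = dict(zip(FIELDS, parts), lineno=lineno)
        if entry["role"] not in ("r", "i"):
            problems.append((lineno, "imposer_role must be r or i"))
            continue
        entries.append(entry)
    return entries, problems

def null_scheme_entries(entries):
    """Entries with '-' in the scheme field: cached as 'no authentication'."""
    return [e for e in entries if e["scheme"] == "-"]

# The four entries from the page, plus two constructed malformed lines.
SAMPLE = "\n".join([
    "#host\tservice\ttransport\tauthentication scheme\timposer role",
    "pelham\techo_tcp\ttcp\tcr1\tr",
    "pelham\tcu\ttcp\t-\tr",
    "pelham\tuucico\ttcp\tcr1\tr",
    "pelham\tdate\ttcp\t-\tr",
    "pelham examplesvc tcp cr1 r",          # constructed: spaces, not tabs
    "pelham\texamplesvc\ttcp\tcr1\tx",      # constructed: invalid role
])

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    entries, problems = parse_auth(text)
    for lineno, msg in problems:
        print("line %d: %s" % (lineno, msg))
    for e in null_scheme_entries(entries):
        print("line %d: %s/%s over %s uses the null scheme"
              % (e["lineno"], e["host"], e["service"], e["transport"]))
```

Run with a file path as the only argument to check a real file; with no argument it checks the embedded sample.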

© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004