UNIX

When the USER_SECURITY option is enabled, a demand-driven UEM Server requires the ID of a valid local user account before it will begin monitoring the event. A password also may be required, depending on the rules set up in ACCESS_ACL.
 
Likewise, an event-driven UEM Server requires this information to be stored in an event handler record before it can execute a process on behalf of that handler. All handler processes started by UEM Server when the USER_SECURITY option is enabled are executed in the security context of this user account.
 
UEM Server for UNIX supports three different types of user authentication methods:

  1. Default authentication uses the UNIX traditional password comparison method.
  2. PAM authentication uses the PAM API to authenticate users. This option is only available for certain UNIX platforms.
  3. HP-UX Trusted Security uses HP-UX Trust Security APIs to authenticate users. This is only available on Hewlett Packard HP-UX platforms.

HP-UX 11.00 and later

By default, supplemental group memberships are recorded in the /etc/group file. However, if an /etc/logingroup file exists, it governs all supplemental group memberships and effectively overrides the entries in /etc/group.
 

Note

/etc/logingroup is not required to record supplemental group membership. If /etc/logingroup does not exist, /etc/group is sufficient to record the groups to which a user belongs.

 
If any Universal Agent component fails to access system resources that are secured based on supplemental group membership, make sure that the authenticated user has an entry in /etc/logingroup, if that file exists. Otherwise, the default entry in /etc/group should be sufficient.
 
For more information about /etc/logingroup, please see the HP-UX system documentation.
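
A check for the override described above, as an added example that is not part of the vendor documentation: it lists the supplemental groups a user effectively has and the /etc/group entries that are lost because /etc/logingroup exists. It assumes /etc/logingroup uses the same colon-separated format as /etc/group; the account name uemsvc and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example, not vendor code. File paths are parameters so the check can
# run against copies; on HP-UX pass /etc/group and /etc/logingroup.
# Only supplemental membership (field 4) is examined, not the primary group.

# members_of USER FILE -> comma-separated groups whose member list names USER
members_of() {
    awk -F: -v u="$1" '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++)
              if (m[i] == u) { out = out (out ? "," : "") $1; break } }
        END { print out }' "$2"
}

# effective_groups USER GROUP_FILE LOGINGROUP_FILE
# An existing logingroup file governs; otherwise the group file does.
effective_groups() {
    if [ -e "$3" ]; then members_of "$1" "$3"; else members_of "$1" "$2"; fi
}

# lost_groups USER GROUP_FILE LOGINGROUP_FILE
# Groups granted in the group file but absent from an existing logingroup file.
lost_groups() {
    [ -e "$3" ] || return 0          # no override file, nothing is lost
    eff=",$(members_of "$1" "$3"),"
    out=""
    old_ifs=$IFS; IFS=,
    for g in $(members_of "$1" "$2"); do
        case $eff in *",$g,"*) ;; *) out="${out:+$out,}$g" ;; esac
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# Demo on constructed sample files (uemsvc is a hypothetical account).
demo() {
    d=$(mktemp -d) || return 1
    printf 'users::20:\ndba::101:uemsvc,oracle\nbackup::102:uemsvc\n' > "$d/group"
    printf 'users::20:\ndba::101:oracle\nbackup::102:uemsvc\n' > "$d/logingroup"
    echo "effective: $(effective_groups uemsvc "$d/group" "$d/logingroup")"
    echo "lost:      $(lost_groups uemsvc "$d/group" "$d/logingroup")"
    rm -rf "$d"
}
demo
```

A non-empty result from lost_groups names the groups to add for that user in /etc/logingroup when a component cannot reach a group-protected resource.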

Windows

When the USER_SECURITY option is enabled, a demand-driven UEM Server requires the ID and password of a valid local user account before it will begin monitoring the event. Likewise, an event-driven UEM Server requires this information to be stored in an event handler record before it can execute a process on behalf of that handler. All handler processes started by UEM Server when the USER_SECURITY option is enabled are executed in the security context of this user account.
 
To allow Windows to verify the user account information, a UEM Server will attempt to log that user on to the system via a call to a Windows system function.
 
Windows provides two types of logon methods: interactive and batch. Unless they have been explicitly denied the ability to do so, most user accounts can be validated with the interactive logon method. Conversely, a user account typically must be granted an additional privilege before it can be authenticated using the batch logon method. This privilege is shown in Windows as "Log on as a batch job."
 
For information on configuring UEM Server to use this logon method, see the UEM Server LOGON_METHOD option.