The /usr/openv/java/auth.conf file is installed on all NetBackup-Java capable hosts and contains only the following entries:
root ADMIN=ALL JBP=ALL * ADMIN=JBP JBP=ENDUSER+BU+ARC
The first field of each entry is the user name that is granted access to the rights that the entry specifies. In the released version, the first field allows root users to use all of the NetBackup-Java applications.
An asterisk in the first field indicates that any user name is accepted and the user is allowed to use the applications as specified. If the auth.conf file exists, it must have an entry for each user. Or, the auth.conf file must have an entry that contains an asterisk (*) in the user name field; users without entries cannot access any NetBackup-Java applications. Any entries that designate specific user names must precede a line that contains an asterisk in the user name field.
Note: |
The asterisk specification cannot be used to authorize all users for any administrator capabilities. Each user must be authorized by using individual entries in the auth.conf file. |
To deny all capabilities to a specific user, add a line that indicates the user before a line that starts with an asterisk.
mydomain\ray ADMIN= JBP= * ADMIN=JBP JBP=ENDUSER+BU+ARC
The remaining fields specify the access rights.
The ADMIN keyword specifies the applications that the user can access. ADMIN=ALL allows access to all NetBackup-Java applications and the related administrator-related capabilities.
The JBP keyword specifies what the user can do with the Backup, Archive, and Restore client application (jbpSA). JBP=ALL allows access to all Backup, Archive, and Restore capabilities, including those for administration.
An asterisk in the first field indicates that any user name is accepted and the user is allowed to use the applications as specified. The second line of the released version contains an asterisk in the first field. The asterisk means that NetBackup-Java validates any user name for access to the Backup, Archive, and Restore client application jbpSA. JBP=ENDUSER+BU+ARC allows users to back up, archive, and restore files only.
The user name and password that is entered in the logon screen must be valid on the machine that is specified in the host field. (True for starting the NetBackup-Java administration console or the Backup, Archive, and Restore application (jbpSA).) The NetBackup-Java application server authenticates the user name and password by using the system password file data for the specified machine. The password must be the same password that was used upon logon at that machine.
For example, assume you log on with the following information:
username = joe password = access
Here you must use the same user name and password to log into NetBackup-Java.
Note: |
The NetBackup-Java logon box accepts passwords greater than eight characters. However, only the first eight are significant upon logon to a NetBackup-Java application server on a UNIX system. |
You can log on to the NetBackup-Java application server under a different user name than the name used to log on to the operating system. For example, if you log on to the operating system with a user name of joe, you can subsequently log on to jnbSA as root.
Upon exit, some application state information is automatically saved in the directory of joe $HOME/.java/.userPrefs/vrts directory. (For example, table column order.) The information is restored the next time you log on to the operating system under account joe and initiate the NetBackup-Java application. This logon method of is useful if there is more than one administrator because it saves the state information for each administrator.
Note: |
NetBackup-Java creates a user's $HOME/.java/.userPrefs/vrts directory the first time an application is exited. Only NetBackup-Java applications use the .java/.userPrefs/vrts directory. |
If the user name is not valid as determined by the contents of the auth.conf file, an error message appears. All applications are inaccessible to the user:
No authorization entry exists in the auth.conf file for username name_specified_in_login_dialog. None of the NB-Java applications are available to you.