credentiald(1M)          DG/UX B2 Security R4.12MU02         credentiald(1M)


NAME
       credentiald - co-ordinate authorization and authentication of users.

SYNOPSIS
       credentiald

DESCRIPTION
       credentiald is the central component in the Session Monitor, which is
       that portion of the system responsible for making decisions on user
       access.  credentiald should be running at all times and is therefore
       started by init at system boot time and any time it exits.

       The Session Monitor works on a Client/Server model, with credentiald
       being the main server in the process.  Session Initiators, such as
       login(1), act as clients, submitting session initiation requests to
       credentiald.  Since this communication process may reveal information
       about the system to which access should be restricted, only processes
       with appropriate privilege are allowed to communicate with
       credentiald.  If a process which does not have appropriate privilege
       attempts to communicate with credentiald, its request will be
       rejected and a note of the attempt will be made in syslog.

       If auditing is configured on your system, credentiald will audit both
       successful and failed session creation attempts.  Note that it will
       audit only failures that occurred for security reasons, whereas
       failures that were caused by system errors are recorded through the
       syslog mechanism.  The data audited are the parameters passed to the
       credential daemon by the session initiator (e.g., login(1)) which
       determined whether or not access should be granted.  These are the
       username, service, location, time, and, on systems configured for
       MAC, the requested MAC label.  A sample audit record might look like
       this:

       AUDIT RECORD:
       time: Tue Feb 20 09:44:07.680639 1996
       authid=0, pid=11711
       class=AUTHCMD(100), event=SERVICERE(1), reason=S(1), errno=0
       Event specific:
       data as strings: 'proto'
       data as strings: 'telnet'
       data as strings: 'remotehost'
       data as integers: 824827442
       data as strings: 'UNRESTR:NONE'


       The above audit record indicates that user proto was granted a new session
       via the telnet service, originating from remotehost at the time
       824827442 and with MAC label of UNRESTR:NONE.
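
       The following parser is an added example and is not part of the
       DG/UX manual or its software.  It maps the event-specific data of
       the sample record onto the parameters named above, in the order
       the text lists them.  The names parse_record and FIELDS are
       hypothetical, and reading the integer time as seconds since the
       Unix epoch is an assumption.

```python
import re
from datetime import datetime, timezone

# Constructed input: the sample record from this page, leading indent removed.
SAMPLE = """\
AUDIT RECORD:
time: Tue Feb 20 09:44:07.680639 1996
authid=0, pid=11711
class=AUTHCMD(100), event=SERVICERE(1), reason=S(1), errno=0
Event specific:
data as strings: 'proto'
data as strings: 'telnet'
data as strings: 'remotehost'
data as integers: 824827442
data as strings: 'UNRESTR:NONE'
"""

# Positional order of the event-specific data, as listed in the DESCRIPTION.
FIELDS = ("username", "service", "location", "time", "mac_label")
KV = re.compile(r"(\w+)=(\w+)(?:\((\d+)\))?")
DATA = re.compile(r"data as (strings|integers):\s*(.*)")

def parse_record(text):
    """Return a dict of header key/values plus the named session parameters."""
    rec, data, in_event = {}, [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("time:"):
            rec["audit_time"] = line[len("time:"):].strip()
        elif line == "Event specific:":
            in_event = True
        elif in_event and (m := DATA.match(line)):
            kind, raw = m.groups()
            data.append(int(raw) if kind == "integers" else raw.strip("'"))
        elif not in_event:
            for key, val, code in KV.findall(line):
                # NAME(code) pairs keep both parts; bare numbers become int
                plain = int(val) if val.isdigit() else val
                rec[key] = (val, int(code)) if code else plain
    if len(data) not in (len(FIELDS) - 1, len(FIELDS)):  # MAC label is optional
        raise ValueError(f"unexpected event data count: {len(data)}")
    rec.update(zip(FIELDS, data))
    # Assumption: the integer time is seconds since the Unix epoch.
    rec["requested_utc"] = datetime.fromtimestamp(rec["time"], tz=timezone.utc)
    return rec

if __name__ == "__main__":
    for k, v in parse_record(SAMPLE).items():
        print(f"{k:14} {v}")
```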

SEE ALSO
       init(1), syslogd(1M), audadmin(1M), login(1).


Licensed material--property of copyright holder(s)
