Chapter 9
An Overview of ITO Processes
Understanding ITO Processes
Process Authentication
An important step in the authentication procedure for an ITO RPC
process is obtaining a login context. Every secure RPC process has a
login context, which it either inherits from its parent process or
establishes itself. The login context requires a name (or principal) and
a password (or key). Since ITO processes usually run without any user
interaction, reliance on an inherited login context is not sufficiently
secure. So, each process creates its own login context with a name and
password that must be registered at the DCE security service. However,
as in UNIX, multiple processes may run within the same login context.
Management and maintenance of the login context is carried out
internally by the control agent and control manager.
Once the authentication process has completed successfully, a connection
is established, and the RPC request-reply sequence starts.
Authentication can be limited to the connection, the first RPC
Client-Server call, or all RPCs between client and server. The following
simple example of communication between an RPC client and an RPC server
illustrates the procedure in the context of ITO. In this case, the RPC
client is the message agent on the managed node, and the RPC server is
the message receiver on the management server:
1. The message agent (RPC client) reads its password from the key file.
2. The message agent uses the password to log in to the security server,
procure a login context, and obtain a server ticket.
3. The message agent sends an RPC request to the message receiver
(RPC server).
4. The message receiver compares the ticket with the password
contained in the key file.
5. If the password matches, the message receiver tells the message
agent to proceed with its RPC request.
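A simplified model of the five steps above, added here as an illustration; it is not ITO or DCE code. An HMAC stands in for the DCE ticket, and the principal names, keys, ticket lifetime, and function names are all hypothetical.

```python
import hashlib
import hmac
import json
import os

# Constructed sample data: principal -> key registered at the security service.
REGISTRY = {
    "message_agent": b"constructed-agent-key",
    "message_receiver": b"constructed-receiver-key",
}
TICKET_LIFETIME = 300  # seconds; an assumed value

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def security_server_login(principal, nonce, proof, server, now):
    """Step 2 (security server side): check the client's key, issue a ticket."""
    key = REGISTRY.get(principal)
    if key is None or not hmac.compare_digest(proof, _mac(key, nonce)):
        raise PermissionError("login rejected for " + principal)
    body = json.dumps({"client": principal, "server": server,
                       "expires": now + TICKET_LIFETIME}).encode()
    # The ticket is sealed with the target server's key, which the client never sees.
    return {"body": body, "mac": _mac(REGISTRY[server], body)}

def agent_request(principal, key_from_file, server, now):
    """Steps 1-3: use the key-file key to log in, then build the RPC request."""
    nonce = os.urandom(16)
    proof = _mac(key_from_file, nonce)  # the key itself is never transmitted
    ticket = security_server_login(principal, nonce, proof, server, now)
    return {"ticket": ticket, "call": "forward_message"}

def receiver_accept(request, own_name, key_from_file, now):
    """Steps 4-5: verify the ticket with the receiver's own key-file key."""
    ticket = request["ticket"]
    if not hmac.compare_digest(ticket["mac"], _mac(key_from_file, ticket["body"])):
        return False  # forged ticket, or key file out of sync with the registry
    claims = json.loads(ticket["body"])
    return claims["server"] == own_name and claims["expires"] > now

if __name__ == "__main__":
    req = agent_request("message_agent", REGISTRY["message_agent"],
                        "message_receiver", now=1000)
    print(receiver_accept(req, "message_receiver",
                          REGISTRY["message_receiver"], now=1000))
```

In this model the receiver rejects a request when its key file no longer matches the key registered at the security service, which is the failure to expect if one side's key is changed without the other.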
Process Names and Passwords
In ITO, both the management server and the managed nodes run RPC
clients and servers at the same time. This allows ITO to simplify a given
process’ requirements for configuration information prior to an RPC call,
namely:
❏ name and own password
❏ security level