Network Security Features

Reality includes network security features that make it possible to connect to remote hosts without having to supply a user-id or password.

UNIX

USERS-FILE

The UNIX file /etc/USERS-FILE provides a way of securing outgoing connections. It contains network user- and group-ids, which are used to map local user- and group-ids to remote user-ids. Entries in the USERS-FILE are used only if the user-id parameter is not explicitly supplied in the connection statement.

The USERS-FILE can contain entries for both individual local user-ids and for UNIX group-ids. If a remote user-id is not supplied when connecting to a remote host, the system attempts to obtain the network user-id as follows:

Each local user- or group-id entry must have a sub-entry for each remote system that the user needs to access, and for each remote system there will be a network user-id and password which will be supplied to that remote system.

For a detailed description of USERS-FILE management, refer to Network Security in UNIX-Connect System Administration.

User Equivalence

User equivalence makes use of a standard UNIX feature: the /etc/hosts.equiv and $HOME/.rhosts files. These files grant remote users permission to use local user names without knowing the corresponding user passwords. It is known as user equivalence because the remote user effectively becomes equivalent to the local user. It is convenient, for example, when one person has user-ids on a number of hosts.

If a user's home directory contains a file named .rhosts, remote users specified in the file are equivalent to the local user. Each user specification in the file consists of the remote host name and user name, separated by a space.

The user name is supplied in the DDA Connect message and the host name is derived from the PLId by means of PLIDHOST-FILE in the /etc directory.

Note

  • This form of system security must be specifically enabled by starting session manager with the -x option. If user equivalence is disabled, a password must be supplied by remote users when connecting. This can be achieved automatically using entries in the USERS-FILE on the local host.

  • User equivalence cannot be used for terminal connections to the UNIX environment. In this case, the user must enter the appropriate password.

For a detailed description of User Equivalence, refer to Network Security in UNIX-Connect System Administration.
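
Because every entry in these files grants password-less access, the files are worth auditing when user equivalence is enabled. The following is an added example, not part of the Reality documentation: it parses the host and user name format described above and goes beyond it by also flagging the standard UNIX "+" wildcard and "+@netgroup" forms and host-only lines. The function name audit_equiv and the sample host and user names are assumptions made for illustration.

```python
# Added example: audit .rhosts / hosts.equiv content for over-broad trust.
# SAMPLE_RHOSTS is constructed for illustration; host and user names are made up.

SAMPLE_RHOSTS = """\
# trusted peers for this account
reality1.example.com alice
reality2.example.com
+ bob
reality3.example.com +
+ +
-badhost.example.com
+@dbhosts carol
"""


def audit_equiv(text):
    """Return (line_number, entry, finding) for each risky trust entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments grant nothing
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host.startswith("-") or (user and user.startswith("-")):
            continue  # negative entries deny access rather than grant it
        if host == "+":
            findings.append((lineno, line, "any remote host is trusted"))
        elif host.startswith("+@"):
            findings.append((lineno, line, "a whole netgroup of hosts is trusted"))
        if user == "+":
            findings.append((lineno, line, "any remote user is trusted"))
        elif user is None:
            findings.append(
                (lineno, line, "no user given: same-named remote user is trusted"))
    return findings


if __name__ == "__main__":
    for lineno, entry, finding in audit_equiv(SAMPLE_RHOSTS):
        print(f"line {lineno}: {entry!r}: {finding}")
```

An entry such as "reality1.example.com alice" names one host and one user and produces no finding; every line reported is a candidate for tightening or removal.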

Windows

On Windows, you can secure outgoing connections by using SSM option 2 (Define User Profiles) to map local user-ids to remote user-ids and passwords on particular Reality databases.