Table of Contents
Advertisement
By default, none of the parameters are set, i.e. only users configured in the Safeguard OBJECTTYPE USER record (if
such exists) and super.super (unless explicitly denied in OBJECTTYPE USER) can access privileged commands.
Example
FULLSSHCOMACCESSUSER1 admin.joe
FULLSSHCOMACCESSUSER2 admin.jim
FULLSSHCOMACCESSUSER3 super.jane
Considerations
•
Some of the privileged commands in SSHCOM are critical to the security of the system. Therefore granting
access to other user accounts than super.super must be carefully considered.
•
The user super.super has always full access to all SSHCOM commands unless explicitly denied in
OBJECTTYPE USER record. Therefore it is not required to add super.super to the list of
FULLSSHCOMACCESSUSER parameters.
•
The parameters must be set contiguously, i.e. if one parameter FULLSSHCOMACCESSUSER<k> is not
defined the checking of FULLSSHCOMACCESSUSER<i> parameters stops.
•
This parameter set is disabled if a thawed OBJECTTYPE USER record exists in Safeguard, i.e. any
FULLSSHCOMACCESSUSER<i> parameter configuration is ignored in this case.
See also:
•
FULLSSHCOMACCESSGROUP<j>
•
See table in
"SSHCOM Access
GSSAUTH
Use this parameter to enable GSSAPI authentication in accordance with the RFC 4462.
Parameter Syntax
GSSAUTH [ * | gssauth-process-name ]
Arguments
*
GSSAPI user authentication is disabled
Gssauth-process-name
The process name of the GSSAUTH interface process that provides the GSSAPI functionality for SSH2.
Default
By default, GSSAPI authentication is disabled (*).
Example
GSSAUTH $GSS
Considerations
•
The GSSAUTH interface process is part of the Kerberos installation on your NonStop Server.
See also:
•
GSSKEX, GSSGEXKEX, ALLOWEDAUTHENTICATIONS
•
Section
"Single Sign-on with GSSAPI
70 • Configuring and Running SSH2
Summary" in section "SSHCOM Command Reference".
Authentication".
HP NonStop SSH Reference Manual
- Quick Links:
- The Ssh2 Solution
- Secure Sftp Transfer
Hide quick links:
Advertisement
Table of Contents
