| To: | nv-l@lists.us.ibm.com |
|---|---|
| Subject: | RE: [nv-l] NV Security |
| From: | James Shanks <jshanks@us.ibm.com> |
| Date: | Mon, 6 Mar 2006 11:47:38 -0500 |
| Delivery-date: | Mon, 06 Mar 2006 16:48:23 +0000 |
| Envelope-to: | nv-l-archive@lists.skills-1st.co.uk |
| In-reply-to: | <1A5AB46AA116114FB0EF78BBE5AA14A10231891A@CP2K3TLCEMLV1.capitol.local> |
| Reply-to: | nv-l@lists.us.ibm.com |
| Sender: | owner-nv-l@lists.us.ibm.com |
To the operating system, root is still the master. In fact he was
executing those NetView commands, but the commands themselves have a call
to the nvsecd daemon imbedded in them. nvsecd checks whether security is
enabled, and if so, whether the user has a current login or not. If
security is enabled and the user does not have a current login, nvsecd
replies with a bad return code, which causes the command itself to halt
with the error message you saw. The NetView commands themselves won't run
if nvsecd is not up, which is why it's the first daemon started by ovspmd
and why you must explicitly stop it.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
"Catalina
Martinez"
<Catalina.Martine To
z@tlc.state.tx.us <nv-l@lists.us.ibm.com>
> cc
Sent by:
owner-nv-l@lists. Subject
us.ibm.com RE: [nv-l] NV Security
03/06/2006 11:32
AM
Please respond to
nv-l@lists.us.ibm
.com
thank you.. I figured root always had ultimate powers. I did launch
nvauth and login from command line.
thanks again.
-----Original Message-----
From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com]
On Behalf Of James Shanks
Sent: Monday, March 06, 2006 10:22 AM
To: nv-l@lists.us.ibm.com
Subject: Re: [nv-l] NV Security
After you telnet'd in, did you login to NetView as well? Once NetView
security is enabled even root has to login with nvauth before it can do
anything.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
"Catalina
Martinez"
<Catalina.Martine
To
z@tlc.state.tx.us <nv-l@lists.us.ibm.com>
>
cc
Sent by:
owner-nv-l@lists.
Subject
us.ibm.com [nv-l] NV Security
03/06/2006 10:25
AM
Please respond to
nv-l@lists.us.ibm
.com
Hello List,
AIX 5.2 ML 6, Netview 7.1.4 FP4
I enabled security and now whenever I telnet to the server and log in as
root I can not run any Netview commands, such as ovobjprint. I get the
following error:
nvs_isClientAuthorized(): permission denied for "nvsec_admin".
A IBM Tivoli NetView login is required to permit the requested
operation.
authorized=0, status=36
I created a nvsecadm group and added root and a non-root user (since I
wanted nonroot to access nvsec_admin). but now root can not run
commands?
How do I by-pass this besides turning off security?
Catalina
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | RE: [nv-l] NV Security, Catalina Martinez |
|---|---|
| Next by Date: | [nv-l] Web Console vs Web Browser, Catalina Martinez |
| Previous by Thread: | RE: [nv-l] NV Security, Catalina Martinez |
| Next by Thread: | [nv-l] Web Console vs Web Browser, Catalina Martinez |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
Archive operated by Skills 1st Ltd
See also: The NetView Web