nv-l
[Top] [All Lists]

RE: [nv-l] NV Security

To: nv-l@lists.us.ibm.com
Subject: RE: [nv-l] NV Security
From: James Shanks <jshanks@us.ibm.com>
Date: Mon, 6 Mar 2006 11:47:38 -0500
Delivery-date: Mon, 06 Mar 2006 16:48:23 +0000
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
In-reply-to: <1A5AB46AA116114FB0EF78BBE5AA14A10231891A@CP2K3TLCEMLV1.capitol.local>
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l@lists.us.ibm.com
To the operating system, root is still the master.  In fact he was
executing those NetView commands, but the commands themselves have a call
to the nvsecd daemon imbedded in them.  nvsecd checks whether security is
enabled, and if so, whether the user has a current login or not.  If
security is enabled and the user does not have a current login, nvsecd
replies with a bad return code, which causes the command itself to halt
with the error message you saw.   The NetView commands themselves won't run
if nvsecd is not up, which is why it's the first daemon started by ovspmd
and why you must explicitly stop it.

James Shanks
Level 3 Support  for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group


                                                                           
             "Catalina                                                     
             Martinez"                                                     
             <Catalina.Martine                                          To 
             z@tlc.state.tx.us         <nv-l@lists.us.ibm.com>             
             >                                                          cc 
             Sent by:                                                      
             owner-nv-l@lists.                                     Subject 
             us.ibm.com                RE: [nv-l] NV Security              
                                                                           
                                                                           
             03/06/2006 11:32                                              
             AM                                                            
                                                                           
                                                                           
             Please respond to                                             
             nv-l@lists.us.ibm                                             
                   .com                                                    
                                                                           
                                                                           




thank you.. I figured root always had ultimate powers. I did launch
nvauth and login from command line.

thanks again.

-----Original Message-----
From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com]
On Behalf Of James Shanks
Sent: Monday, March 06, 2006 10:22 AM
To: nv-l@lists.us.ibm.com
Subject: Re: [nv-l] NV Security

After you telnet'd in, did you login to NetView as well?  Once NetView
security is enabled even root has to login with nvauth before it can do
anything.

James Shanks
Level 3 Support  for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group




             "Catalina

             Martinez"

             <Catalina.Martine
To
             z@tlc.state.tx.us         <nv-l@lists.us.ibm.com>

             >
cc
             Sent by:

             owner-nv-l@lists.
Subject
             us.ibm.com                [nv-l] NV Security





             03/06/2006 10:25

             AM





             Please respond to

             nv-l@lists.us.ibm

                   .com









Hello List,

AIX 5.2 ML 6, Netview 7.1.4 FP4
I enabled security and now whenever I telnet to the server and log in as
root I can not run any Netview commands, such as ovobjprint. I get the
following error:
nvs_isClientAuthorized(): permission denied for "nvsec_admin".
 A IBM Tivoli NetView login is required to permit the requested
operation.
authorized=0, status=36

I created a nvsecadm group and added root and a non-root user (since I
wanted nonroot to access nvsec_admin). but now root can not run
commands?

How do I by-pass this besides turning off security?

Catalina





<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web