Within a cluster, access control is mediated by individualnodes using a common set of authorization information. In the singlesecurity domain model, a process, acting on behalf of an authorizedindividual, requests access to a cluster-visible object, and a coordinatingnode determines the outcome by comparing its copy of the commonauthorization database with the security profile for the objectbeing accessed. This model enforces security only when the authorizationinformation and the object security profiles are consistent acrossall nodes in the cluster.
To achieve data consistency within the cluster, a site needsto:
The easiest way to ensure a single security domain is to maintaina single copy of each of the files listed in System Files That Must Be Common in a Cluster on one or more cluster-mounted disks. As soon asany required file is created on one node, it must be created orcommonly referenced on all remaining cluster members. When a clusteris configured with multiple system disks, you can use system logicalnames to ensure that only a single copy of each file exists.
Table 1 System Files That Must Be Common in a Cluster
File
Description
NETOBJECT.DAT
Contains the DECnet objectdatabase. Among the information contained in this file is the listof known DECnet server accounts and passwords.
NETPROXY.DAT NET$PROXY.DAT
Contains the network proxydatabase. This file is maintained by the Authorize utility (AUTHORIZE).
QMAN$MASTER.DAT
Contains the master queuemanager database. This file contains the security information forall shared batch and print queues. If two or more nodes intend toparticipate in a shared queuing system, a single copy of this filemust be maintained on a shared disk.
RIGHTSLIST.DAT
Contains the rights identifierdatabase. This file is maintained by AUTHORIZE and by various rightsidentifier system services.
SYSALF.DAT
Contains the system autologinfile. This file is maintained by the System Management utility (SYSMAN).
SYSUAF.DAT
Contains the system userauthorization file. This file is maintained by AUTHORIZE and modifiablethrough the Set User Authorization Information ($SETUAI) systemservice.
SYSUAFALT.DAT
Contains the system alternateuser authorization file. This file serves as a backup to SYSUAF.DATand is enabled through the SYSUAFALT system parameter.
VMS$OBJECTS.DAT
Contains the cluster-visible object database.Among the information contained in this file are the security profilesfor all cluster-visible objects.
Some of the recommended files are created only on requestand may not exist in all configurations. Note that a file may beabsent on one node only if it is absent on all other nodes. As soonas any required file is created on one node, it must be createdor commonly referenced on all remaining cluster members.
Table 2 System Files Recommended to Be Common
File
Description
VMS$AUDIT_SERVER.DAT
Contains information relatedto security auditing, such as enabled security-auditing events andthe destination of the system security audit log file.
VMS$PASSWORD_HISTORY.DATA
Contains the system passwordhistory database. This file is maintained by the SET PASSWORD utility.
VMSMAIL_PROFILE.DATA
Contains the system maildatabase. This file is maintained by the Mail utility (MAIL). Itholds mail profiles for all system users as well as a list of all mailforwarding addresses in use on the system.
VMS$PASSWORD_DICTIONARY.DATA
Contains the system passworddictionary. The system password dictionary is a list of English wordsand phrases that cannot be used as account passwords.
VMS$PASSWORD_POLICY
Contains any site-specific password filters.This file is created and installed by the security administratoror system manager. (See Site-Specific Filters fordetails on password filters.)
Synchronizing Multiple Versions of Files
Using shared files is not the only way of achieving a singlesecurity domain. Some sites may have requirements for multiple copiesof one or more of these system files on different nodes in a cluster.As long as the security information available to each node in thecluster is exactly the same, these sites operate in a single securitydomain.
Possible unexplained loginfailures and unauthorized system access.
SYSUAFALT.DAT
Update allversions after any change to any authorization records in this file.
Possible unexplained loginfailures and unauthorized system access
VMS$OBJECTS.DAT
Update allversions after any change to the security profile of a cluster-visibleobject or after new cluster-visible objects are created. (See Protecting Objects for details.)
Possible unauthorized accessto protected objects
VMSMAIL_PROFILE.DATA
Update allversions after any changes to mail forwarding parameters.
Possible authorized disclosureof information
VMS$PASSWORD_HISTORY.DATA
Update allversions after any password change.
Possible violation of thesystem password policy
VMS$PASSWORD_DICTIONARY.DATA
Update allversions after any site-specific additions.