RSCT security considerations on the Windows platform

RSCT's cluster security services provide the security infrastructure that enables components of RSCT to authenticate and authorize the identity of other parties, as follows:
  • Authentication is the process of ensuring that a party is who it claims to be. Using cluster security services, various cluster applications can check that other parties are genuine and are not attempting to gain unwarranted access to the system.
  • Authorization is the process by which a cluster software component grants or denies access to resources based on certain criteria. The only RSCT component that implements authorization is RMC, which uses access control list (ACL) files to control user access to resource classes and to instances of those resource classes.

RSCT cluster security services are disabled when running on a Windows platform. On Windows, authentication is performed by the standard Windows login process, and authorization is enforced by the standard Windows file permissions on the RSCT commands. A logged-in Windows user must have execute permission on the appropriate files in order to run RSCT commands.

All of Tivoli® System Automation and RSCT is protected by file permissions. Therefore:
  • On the local machine, if a user has the execute file permission on RSCT commands, the user can run RSCT commands. In particular, any user who is an administrator can execute RSCT commands.
  • Any user who has remote access to the Windows machine and who has the execute file permission on RSCT commands can run RSCT commands.
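
Because execute permission on the command files is the only authorization control on Windows, it is worth auditing which accounts hold it. The following PowerShell script is an added example, not part of the IBM documentation or of RSCT; `$CommandDir` is a placeholder for the directory that holds the RSCT commands, which this page does not name.

```powershell
# Added example: list every ACL entry that carries execute rights on the
# files under a command directory, then summarize by account.
# $CommandDir is a placeholder; supply the RSCT command directory yourself.
param(
    [Parameter(Mandatory = $true)]
    [string]$CommandDir
)

# Rights bits that confer execute on a file:
#   0x00000020  FILE_EXECUTE (FileSystemRights.ExecuteFile; also part of
#               ReadAndExecute, Modify and FullControl)
#   0x20000000  GENERIC_EXECUTE
#   0x10000000  GENERIC_ALL
$ExecuteMask = 0x20 -bor 0x20000000 -bor 0x10000000

function Get-ExecuteGrant {
    param([string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        # Generic rights can appear as raw bits, so test the numeric mask
        # rather than comparing against named enum values only.
        if (([int]$ace.FileSystemRights -band $ExecuteMask) -ne 0) {
            [pscustomobject]@{
                File      = $Path
                Identity  = $ace.IdentityReference.Value
                Type      = $ace.AccessControlType   # Allow or Deny
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$grants = Get-ChildItem -LiteralPath $CommandDir -File -Recurse |
    ForEach-Object { Get-ExecuteGrant -Path $_.FullName }

# Per-file detail, including Deny entries and whether each ACE is inherited.
$grants | Sort-Object File, Identity |
    Format-Table File, Identity, Type, Rights, Inherited -AutoSize

# Accounts and groups with an Allow entry, by number of command files covered.
$grants | Where-Object { $_.Type -eq 'Allow' } |
    Group-Object Identity | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize
```

The output lists ACL entries, not effective access: group membership and Deny entries still have to be resolved per user, and any group that appears here extends the right to run RSCT commands to all of its members, including those who log in remotely.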