NAME
asecure — control access to Audio on a workstation
SYNOPSIS
/opt/audio/bin/asecure
[-CdelP
]
[+h host
]
[-h host
]
[+p user
]
[-p user
]
[+u user
]
[-u user
]
[+b host,user
]
[-b host,user
]
DESCRIPTION
On Series 700 workstations, audio is secured so that only the
user on the local workstation can access audio.
You use the
asecure
command to modify audio security. This command does not apply to
X stations; on an X station, access to audio is unrestricted.
To modify audio security, become root on the
local workstation where you want make a change.
Then, use
asecure
as follows:
/opt/audio/bin/asecure -C
When prompted, enter any meaningful password. Issuing
asecure -C
creates the Audio Security File (ASF).
The ASF contains information that determines which hosts and users
can access the Aserver, and which users (other
than the superuser) can modify the ASF.
If needed, you can allow unrestricted access to audio on this
workstation. To remove audio security, issue this command:
/opt/audio/bin/asecure -d
If instead, you wish to modify security, you use
asecure
to make changes to the information in the ASF.
(Because the ASF is a binary file, we do not recommend
using an editor on this file.)
You can use
asecure
to make these types of changes:
Allow all clients from a remote host to access the server.
Allow specific users from all other hosts to access the server.
Allow a specific user from a specific host to access the server.
Disable access control, allowing complete unrestricted access
to the server, but leaving the ASF intact.
Every operation that creates, reinitializes, or changes the
contents of the ASF is logged in the
/var/adm/audio/asecure_log
file,
so that you can track any changes to the ASF.
Options
asecure
supports the following options:
- +b|-b host,user
Add/delete
hostname,username
pair. You must be either superuser or a
privileged user
to do this. You can supply more than one
hostname,username
pair separated by blanks.
To use either the
+b
or
-b
options, you MUST supply at least one
hostname,username
pair. This option will not work without a pair.
- -C
Create a new ASF file, called the
audio.sec
file. Access control default is enabled with no
entries in the access list. Aserver can now be accessed only by local
users on the host machine. If an
audio.sec
file already exists, it is re-initialized.
You must be superuser to execute this option. This option is mutually-exclusive of all other options.
This option requires a password. This is an extra layer of protection
for the contents of the ASF. It is designed to prevent surreptitious
manipulation of the ASF. If you are creating a new ASF, you are prompted
for a password and an encrypted copy of that password is stored in
the new ASF.
If the ASF already exists, you are prompted for the password. If your password
matches the password stored in the ASF, the ASF is then re-initialized.
- -d
Disable access control to the Aserver. This allows unrestricted access by
all clients.
- -e
Enable access control to the Aserver. This restricts access to clients listed
in the ASF. Enabled is the default state.
- +h|-h host
Add/delete
hostnames
for ALL users. You must be either superuser or a
privileged user
to do this. You can supply more than one
hostname
separated by blanks.
- -l
List the contents of the ASF. This option shows a list of the hostnames
and/or usernames that have access to the Aserver.
- -P
Change password for
audio.sec
file. You must be superuser to do this. You are prompted once for the
old password, then prompted twice for the new password.
- +p|-p user
Add/delete
privileged users.
You must be superuser to do this
and must enter the password given when the ASF was created (see
-C
option). To see a list of privileged users, you must be superuser
and use the
-l
option.
- +u|-u user
Add/delete
usernames
for ALL hosts. You must be either superuser or a
privileged user
to do this. You can supply more than one
username
separated by blanks.
EXAMPLES
List entries in access list.
/opt/audio/bin/asecure -l
Disable access control. This means anyone can connect to Aserver without
restriction.
/opt/audio/bin/asecure -d
Add
moonbeam
host for all users to access list. Remove
pluto
host for all users from access list.
/opt/audio/bin/asecure +h moonbeam -h pluto
Add user
comet
for hosts
saturn
and
mercury
to access list.
/opt/audio/bin/asecure +b saturn,comet mercury,comet
Add user
comet
to access list for all hosts. Remove users
venus
and
neptune
from access list for all hosts.
/opt/audio/bin/asecure +u comet -u venus neptune
Create new access list.
/opt/audio/bin/asecure -C
AUTHOR
asecure
was developed by
HP.
FILES
- /var/opt/audio/asecure_log
asecure log pathname
- /etc/opt/audio/audio.sec
ASF pathname