“About This Guide” includes brief descriptions of the contents of this guide and an explanation of typographical conventions used, and refers you to additional sources of information you might find helpful.
This guide explains how to administer the special security features provided in the IRIX Commercial Security Pak™ with Silicon Graphics® workstations and servers.
If you have a graphics workstation, you may find it convenient to use the System Manager, which is described in the Personal System Administration Guide. That guide should be your first resource for administering graphics workstations. Regardless of whether you use the System Manager or the IRIX command-line interface, the results are the same. The System Manager does not create any new files on your system.
If you have a server, the IRIX Admin manual set is your primary guide to system administration, since without graphics you cannot use the System Manager.
This guide describes only those special features contained in the Commercial Security Pak software option.
This guide contains the following chapters:
|Chapter 1, “Introduction to the Commercial Security Pak”|
|Chapter 2, “Planning Your System Security Policy”|
|Chapter 3, “Administering Login Accounts”|
|Chapter 4, “Administering Access Control”|
|Chapter 5, “Administering the System Audit Trail”|
|Chapter 6, “Administering Identification and Authentication”|
|Chapter 7, “Administering CSP-Kerberos”|
|Chapter 8, “System Data Files”|
These type conventions and symbols are used in this guide:
Literal command-line arguments (options/flags), nonalphabetic data types, operators, and subroutines.
Executable names, filenames, glossary entries (online, these show up as underlined), IRIX commands, manual/book titles, new terms, onscreen button names, program variables, tools, utilities, variable command-line arguments, variable coordinates, and variables to be supplied by the user in examples, code, and syntax statements.
|Bold fixed-width type|
Environment variables, operator names, directives, defined constants, macros in C programs
(Double quotation marks) Onscreen menu items and references in text to document section titles
(Brackets) Surrounding optional syntax statement arguments
This guide uses the standard UNIX convention for citing reference pages in the IRIX documentation. The page name is followed by the section number in parentheses. For example, rcp(1C) refers to the rcp online reference page.
This guide is written for administrators who are responsible for performing tasks beyond the reasonable scope of “end users” on IRIX systems that include the Commercial Security Pak. Frequently, people who would consider themselves end users find themselves performing advanced administrative tasks. This book has been prepared to help both the new and experienced administrator successfully perform all operations necessary to configure and maintain IRIX systems. It is hoped that people who considered themselves end users in the past will, by using this book, gain experience and confidence in successfully performing advanced system administration tasks.
This guide is intended for administrators who are responsible for one or more systems running the IRIX operating system with Commercial Security Pak extensions, beyond the usual user responsibility for the user's home directory structure and immediate working directories. This guide and its companion administration guides have been written to provide directions for those who find themselves in the position of maintaining IRIX systems for themselves and others and who require more information about IRIX commands and system and network expertise.
For easy reference, here is a list of the guides and resources provided with your system and the specific focus and scope of each:
This guide is an supplemental resource to the IRIX Admin manual set. This guide differs from the IRIX Admin documentation in certain areas and should be considered the authoritative guide for IRIX operating systems with the Commercial Security Pak extensions.
The IRIX Admin suite is intended for administrators: those responsible for servers, multiple systems, and file structures outside the user's home directory and immediate working directories. If you maintain systems for others or if you require more information about IRIX than is in the end-user manuals, these guides are for you. The IRIX Admin guides are available through the IRIS InSight™ online viewing system. They are also available on the World Wide Web at http://www.sgi.com/Technology/TechPubs. The set comprises these volumes:
IRIX Admin: Software Installation and Licensing —Explains how to install and license software that runs under IRIX, the Silicon Graphics implementation of the UNIX operating system. Contains instructions for performing miniroot and live installations using Inst, the command line interface to the IRIX installation utility. Identifies the licensing products that control access to restricted applications running under IRIX and refers readers to licensing product documentation.
IRIX Admin: System Configuration and Operation —Lists good general system administration practices and describes system administration tasks, including configuring the operating system; managing user accounts, user processes, and disk resources; interacting with the system while in the PROM monitor; and tuning system performance.
IRIX Admin: Disks and Filesystems —Describes how to add, maintain, and use disks and filesystems. Discusses how they work, their organization, and how to optimize their performance.
IRIX Admin: Networking and Mail —Describes how to plan, set up, use, and maintain the networking and mail systems, including discussions of sendmail, UUCP, SLIP, and PPP.
RIX Admin: Backup, Security, and Accounting
IRIX Admin: Peripheral Devices —Describes how to set up and maintain the software for peripheral devices such as terminals, modems, printers, and CD-ROM and tape drives. Also includes specifications for the associated cables for these devices.
IRIX Admin: Selected Reference Pages—Provides concise reference page (manual page) information on the use of commands that may be needed while the system is down. Generally, each reference page covers one command, although some reference pages cover several closely related commands. Reference pages are available online through the man(1) command.
The IRIX reference pages (often called “man” or “manual” pages) provide concise reference information on the use of IRIX commands, subroutines, and other elements that make up the IRIX operating system. This collection of entries is one of the most important references for an administrator. Generally, each reference page covers one command, although some reference pages cover several closely related commands.
The IRIX reference pages are available online through the man command. To view a reference page, use the man command at the shell prompt. For example, to see the reference page for diff, enter
It is a good practice to print reference pages that you use frequently for reference and those you are likely to need before major administrative operations and keep them in a notebook.
Each command, system file, or other system object is described on a separate page. The reference pages are divided into seven sections, as shown in Table i. When referring to reference pages, this document follows a standard UNIX convention: the name of the command is followed by its section number in parentheses. For example, cc(1) refers to the cc reference page in Section 1.
Table i liststhe reference page sections and the types of reference pages that they contain.
Table 1. Outline of Reference Page Organization
Type of Reference Page
System Calls and Error Numbers
Demos and Games
Release notes provide release-specific information about a product. Exceptions to the information in the administration guides are found in this document. Release notes are available online through the relnotes command. Each product or application has its own set of release notes. The grelnotes command provides a graphical interface to the release notes of all products installed on your system.
Your system comes with an online help system. This system provides help cards for commonly asked questions about basic system setup and usage. The command to initiate a help session is desktophelp.
The Silicon Graphics World Wide Web (WWW) presence has been established to provide current information of interest to Silicon Graphics customers. The following URL addresses are accessible to most commercially available Web browsers on the Internet: