
3.3.4 Modifying the Server Access File

AcuLaunch comes with a default security file known as "AcuAccess." This file contains a database of access records that determine which machines and which users are allowed to use AcuLaunch. Depending on the construction of the database records, the server access file can provide many levels of system access, from very permissive to very restrictive. By default, system access is permissive, so before beginning thin client operation, you should customize the file to a level of security appropriate for your application.

To modify the server access file, log onto the server as the superuser (UNIX) or Administrator (Windows) and type:

acurcl -access

In Windows, you can also issue this command from an account that belongs to the Administrators group or you can click the "acurcl -access" icon.

The "acurcl -access" command starts the access file manager utility. When the access file manager starts, you are prompted for the path and name of the server access file. To accept the default value, simply press <Return>.

After opening the access file, the manager displays a menu of five options:

Server Access File Option:
1. Add a security record
2. Remove a security record
3. Modify a security record
4. Display one/all security records
5. Exit

Use the access file manager to customize the AcuAccess file as required.

Access records may include wild cards that allow all clients or all users (except root under UNIX and Administrator under Windows NT or Windows 2000) access to AcuLaunch. Alternatively, you can create individual access records for each user of each client. By having individual access records, you can restrict access to only those users specifically named in the access file.

The individual access records allow you to specify the user ID that AcuLaunch will use when executing requests for users matching the given record. In this way you can assign a user ID that has exactly the privileges needed, and no more (typical of group access accounts).

In addition, every access record can include a password entry which the application or user must match before AcuLaunch will establish a connection. (Whether this password is used on Windows NT/2000 servers depends on the value of the NT-SECURITY configuration variable. See section 3.3.2 Assigning Values to Server Configuration Variables for more information.)

The security system is almost completely transparent to the end user. Only when remote file access requires interactive password authentication is the user made aware of the security system.

Creation and modification of the server access file requires root privileges on UNIX, and Administrator or Administrators group privileges on Windows NT or Windows 2000.

On UNIX servers the access file must be owned by root. The access file cannot be writable by anyone other than root. If the access file does not exist, is not owned by root, or is writable by users other than root, AcuLaunch will not start.
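
The UNIX conditions above can be checked before starting AcuLaunch. The following script is an added example, not part of the AcuLaunch distribution; the function name check_access_file and its optional EXPECTED_UID argument are assumptions of this example, and the path to the access file must be supplied by you.

```shell
#!/bin/sh
# Added example, not AcuLaunch code: checks the UNIX conditions stated above.
# Usage: check_access_file PATH [EXPECTED_UID]
# EXPECTED_UID defaults to 0 (root). The parameter is an assumption of this
# example so the check can be tried on a scratch file by a non-root user.
check_access_file() {
    file=$1
    want_uid=${2:-0}
    rc=0

    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "FAIL: $file is missing, not a regular file, or a symbolic link" >&2
        return 1
    fi

    # "ls -ln" prints the mode string and the numeric owner ID:
    #   -rw-r--r-- 1 0 0 ...
    read -r mode _links uid _rest <<EOF
$(ls -ln -- "$file")
EOF

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $file is owned by UID $uid, expected $want_uid" >&2
        rc=1
    fi

    # Character 6 of the mode string is group write, character 9 is other write.
    case $mode in
        ?????w*) echo "FAIL: $file is group-writable ($mode)" >&2; rc=1 ;;
    esac
    case $mode in
        ????????w*) echo "FAIL: $file is world-writable ($mode)" >&2; rc=1 ;;
    esac

    # Mode bits only: ACLs and parent-directory permissions are not examined.
    [ "$rc" -eq 0 ] && echo "OK: $file ($mode, UID $uid)"
    return "$rc"
}

# Run the check when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_access_file "$@"
fi
```

A non-zero exit status means at least one of the conditions that would prevent AcuLaunch from starting was found.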

On Windows NT and Windows 2000 servers, you should protect the access file by allowing only the Administrator or someone in the Administrators group to have write access to it. If the access file does not exist, is not owned by Administrator or the Administrators group, or is writable by users other than Administrator or the Administrators group, AcuLaunch will not start.

More:

Access record composition

Adding access records

Deleting access records

Modifying access records

Displaying an access record

Exiting the access file manager