Daylight Worksheet - Server security --WITH HINTS

The Daylight servers maintain a list of allowed users similar to but separate from the operating system's. A list of allowed hosts is maintained also. The sthorman program is an administrative tool which can modify this security configuration.

• Adding an allowed user:
  1. Start the sthorman program. Specify user thor and service thor.

     % sthorman
     Version: sthorman 4.62
     
               ....................................................
               .  STHORMAN -- Serial THOR Manager Program.        .
               .                                                  .
               .  Enter "?" for help at any prompt.               .
               .  The menu selection "." goes to top-level menu.  .
               ....................................................
     
     STHORMAN needs to be connected to a server.
     
     Enter machine the server is running on: ("dia") 
     Enter port (service) of server: ("thor") 
     Enter username: ("jj") thor
     Enter server username's password: 
     
     
     Connected to new server.
     Current service:  dia:thor
     

  2. Go to the Change server security menu. Select Add/Change user.

     SERVER MENU (TOP LEVEL MENU):
     1) Connect to a new server
     2) List server's version
     3) List current users
     4) Change server security...
     5) Databases...
     6) Send message to users...
     7) Evict user...
     0) Quit
     Enter menu selection (or '?'): 4
     

  3. Specify a user. Note that several Daylight client applications use the unix login as a default Daylight user. Thus, it is convenient to use your unix login as a Daylight user-name also.

     SERVER SECURITY MENU:
     1) List users
     2) List hosts
     3) Add/Change user
     4) Add host
     5) Remove user
     6) Remove host
     7) Set exclusion mode
     0) Go back to server menu
     Enter menu selection (or '?'): 3
     
     Current service:  dia:thor
     Enter user name: kilroy
     This user does NOT exist, make new user? ("yes") 
     

  4. Specify a password for the new user. The null password may be used if desired.

     Enter password for kilroy: 
     
     Enter authorization password: 
     
     New user has been added for kilroy to server list.
     

  ---

• Adding an allowed host: An allowed host may be added in a similar fashion. Then any users from this host may connect to the Daylight servers.

  ---

• Equivalent hosts mode vs. Restricted hosts mode - Server security may be in one of these two modes. In equivalent hosts mode, if a host is listed as allowed, any user from that host may connect with no server password. Allowed users may connect from any host. In restricted hosts mode, only allowed hosts may connect and only allowed users. Toggle the mode with sthorman and test that the servers comply.

Note that the security configuration is stored in the file specified by environment variable $DY_DATABASE_PASSWORDS_FILE, in our case at /daylight/dy_passwords.dat. You may inspect this file to see the effects of these changes.