Daylight Summer School 2001, June 5-7, Santa Fe, NM
Daylight Worksheet - Security of Servers
...SHOW HINTS
The Daylight servers maintain a list of allowed users similar to but
separate from the operating system's. A list of allowed hosts is
maintained also. The sthorman program is an administrative tool which
can modify this security configuration.
- Adding an allowed user:
- Start the
sthorman program. Specify user
thor and service thor.
- Go to the
Change server security menu. Select
Add/Change user.
- Specify a user. Note that several Daylight client applications use
the unix login as a default Daylight user. Thus, it is convenient
to use your unix login as a Daylight user-name also.
- Specify a password for the new user. The null password may be
used if desired.
- Adding an allowed host: An allowed host may be added
in a similar fashion. Then any users from this host may connect
to the Daylight servers.
- Equivalent hosts mode vs. Restricted hosts mode - Server
security may be in one of these two modes. In equivalent hosts mode,
if a host is listed as allowed, any user from that host may connect
with no server password. Allowed users may connect from any host.
In restricted hosts mode, only allowed hosts may connect and only
allowed users. Toggle the mode with
sthorman
and test that the servers comply.
Note that the security configuration is stored in the file
specified by environment variable
$DY_DATABASE_PASSWORDS_FILE, in our case at
/daylight/dy_passwords.dat. You may inspect this
file to see the effects of these changes.
Daylight Chemical Information Systems Inc.
support@daylight.com