Authorizing NetBackup-Java Users

If enhanced authentication is not configured, you may choose to authorize users of the NetBackup-Java console for specific applications. The following sections document how to do so.

With one exception, enhanced authorization, when configured as described, always takes precedence over the capabilities authorization of NetBackup-Java as described in Allowing Nonroot Users to Administer NetBackup.

When Enhanced Authorization is configured, but a user is not authorized as an administrator of NetBackup, the capabilities allowed to this user in the Backup, Archive, and Restore (jbpSA) application are those specified for the user in the auth.conf file resident on the host specified in the NetBackup-Java login dialog.

Users of the NetBackup-Java interfaces must log in to the NetBackup-Java application server that is on the NetBackup host where they want to perform administrator or user operations.

The /usr/openv/java/auth.conf file contains the authorization data for accessing NetBackup-Java applications. This file exists only on NetBackup-Java capable machines where the NetBackup-Java interface software is installed. The default auth.conf file provides the following authorizations:

On NetBackup servers: Administration capabilities for the root user and user backup and restore capabilities for all other users.
On NetBackup clients: User backup and restore capabilities for all users.

On all other UNIX NetBackup systems, the file does not exist but the NetBackup-Java application server provides the same default authorization. To change these defaults on other UNIX systems, you must create the /usr/openv/java/auth.conf file.

To perform remote administration or user operations with jbpSA a user must have valid accounts on the NetBackup UNIX server or client machine.

As is explained earlier in this section, you can validate nonroot users to administer NetBackup and can also validate users for specific capabilities of the NetBackup Java applications.

Note Nonroot or non-administrator users can be authorized to remotely administer Windows NT/2000 NetBackup servers from the NetBackup-Java Console by setting up the desired authorization in the auth.conf file on the Windows server.
The auth.conf file must contain entries for the UNIX usernames used on the login dialog of the NetBackup-Java Console. The auth.conf file must reside in <install_path>\VERITAS\java on each Windows server you wish to provide nonroot administration capability.
If no auth.conf file exists, or it doesn't contain an entry for the username and the host authorization between the two is set up, (i.e., SERVER entries in the configuration of each), the user will have the same privileges to administer the remote Windows server as they have on the server specified in the login dialog for the NetBackup-Java Console.


^ Return to Top	< Previous \| Next >

Product: NetBackup System Administrator's Help
VERITAS Software Corporation www.veritas.com