Authorization File

The released version of the /usr/openv/java/auth.conf file that is installed on all NetBackup-Java capable hosts and contains only the following entries.

• The first field of each entry is the user name that is granted access to the rights specified by that entry. In the released version, the first field allows root users to use all of the NetBackup-Java applications.

An asterisk in the first field indicates that any user name is accepted and the user is allowed to use the applications as specified. If the auth.conf file exists, it must have an entry for each user or an entry containing an asterisk (*) in the username field; users without entries cannot access any NetBackup-Java applications. Any entries that designate specific user names must precede a line that contains an asterisk in the username field.

• The remaining fields specify the access rights.
• The ADMIN keyword specifies the applications that the user can access. ADMIN=ALL allows access to all NetBackup-Java applications and their related administrator related capabilities. To allow the use of only specific applications, see Authorizing Nonroot Users for Specific Applications.
• The JBP keyword specifies what the user can do with the Backup, Archive, and Restore client application (jbpSA). JBP=ALL allows access to all Backup, Archive, and Restore capabilities, including those for administration. To allow only a subset of those capabilities, see Capabilities Authorization for jbpSA.
• An asterisk in the first field indicates that any user name is accepted and the user is allowed to use the applications as specified. The second line of the released version has an asterisk in the first field, which means that NetBackup-Java validates any user name for access to the Backup, Archive, and Restore client application (jbpSA). JBP=ENDUSER+BU+ARC allows end users to only back up, archive and restore files.

When starting the NetBackup-Java administrator applications or the Backup, Archive, and Restore application (jbpSA), you must provide a user name and password that is valid on the machine that you specify in the NetBackup host field of the login dialog. The NetBackup-Java application server authenticates the user name and password by using the system password file data for the specified machine, so the password must be the same as used when logging in to that machine.

For example, assume you log in with:

Here you must use the same user name and password when logging in to NetBackup-Java.

It is possible to log in to the NetBackup-Java application server under a different user name than the one used for logging in to the operating system. For example, if you log in to the operating system with a user name of joe, you could subsequently log in to jnbSA as root. When you exit, in this instance, some application state information (for example, table column order) is automatically saved in joe's $HOME/.nbjava directory and is restored the next time you log in to the operating system under account joe and initiate the NetBackup-Java application. This method of logging in is useful if there is more than one administrator because it saves the state information for each of them.

If the user name is not valid according to the contents of the auth.conf file, the user sees the following error message in a popup message dialog and all applications are inaccessible.

To summarize, you have two basic choices for types of entries in the auth.conf file:

• Use the released defaults to allow anyone with any valid user name to use the Backup, Archive, and Restore client application (jbpSA) and only root users to use the administrator applications and the administrator capabilities in jbpSA.
• Specify entries for valid user names.

---

  Note    The validated user name is the account the user can back up, archive or restore files from or to. The Backup, Archive, and Restore application (jbpSA) relies on system file permissions when browsing directories and files to back up or restore.

---