Access Control Policy Switch | Determines whether a subject is authorized to perform an |
(ACPS) | operation on an object. |
Access Control Policy Module | Evaluates |
| mapping policies to service access control requests. |
management commands | Edits and validates |
HP-UX RBAC Access Control Policy Switch
The
The ACPS has the following interfaces, described in detail in each of their respective manpages:
•ACPS Application Programming Interface (API)
•ACPS Service Provider Interface (SPI)
•/etc/acps.conf
The administrative interface for the ACPS is the /etc/acps.conf configuration file. The /etc/acps.conf configuration file determines which policy modules the ACPS consults, the sequence in which the modules are consulted, and the rules for combining the module's responses to deliver a result to the applications that need access control decisions. This ACPS implementation allows you to create a module to enforce custom policy without modifying existing
NOTE: Refer to the following manpages for more information on the ACPS and its interfaces:
•acps(3)
•acps.conf(4)
•acps_api(3)
•acps_spi(3)
HP-UX RBAC Configuration Files
Table
Table 3-3 HP-UX RBAC Configuration Files
Configuration File | Description |
/etc/rbac/auths | Database file containing all valid authorizations. |
/etc/rbac/cmd_priv | privrun database file containing command and file authorizations and privileges. |
/etc/rbac/role_auth | Database file defining the authorizations for each role. |
/etc/rbac/roles | Database file defining all configured roles. |
/etc/rbac/user_role | Database file defining the roles for each user. |
/etc/acps.conf | Configuration file for the ACPS. |
/etc/rbac/aud_filter | Audit filter file identifying specific |
HP-UX RBAC Commands
Table
30
