Table of Contents
Advertisement
Tuning, Troubleshooting, Security, and Maintenance
ITO Security
ITO Security
The administrator needs to investigate the security implications and
possibilities that are addressed during the configuration of ITO itself.
For example, managed nodes will only allow those management servers
that it recognizes as action-allowed managers to execute
operator-initiated actions. ITO security looks at the security-related
aspects of application set up and execution, operator-initiated actions,
and so on. The section on ITO security covers the following areas:
Accessing ITO
Program security
Database security
Application setup and execution
Executing and forwarding actions
The location of queue files
Accessing ITO
Only ITO registered users can access the ITO GUI. By default, the users
opc_adm and opc_op are available. The ITO user names and
passwords have no direct relation to UNIX user names and passwords.
However, it is possible to use UNIX user names, and if the user name is
defined in the ITO database, the user is not prompted for a password.
This is the fastest way to open an ITO GUI. Furthermore, it is
recommended that system administrators map unix user names (1:1) to
ITO operator names. In addition, The ITO administrator can change
operators' passwords, but cannot see any new password an operator
sets—the characters are masked by asterisks. By default, operators can,
of course, change their own passwords.
To remove the change password functionality from all operators,
comment the following lines:
Action "Change Password"
{
}
in /etc/opt/OV/share/conf/OpC/mgmt_sv/appl/registration/\
C/opc_op/opcop
450
Chapter 10
Advertisement
Table of Contents
Troubleshooting
