CA Access Control intercepts requests to access system resources and decides whether to permit or deny these requests. The decision is based on access rules and policies that are defined in the database. The interception of requests to access system resources takes place at the kernel level.
To control hosts, groups, users, and services, the kernel and the relevant system calls use codes or numbers (that is, IP addresses, group IDs, user IDs, and service numbers) instead of names. CA Access Control defines access rules based on names. CA Access Control translates names into codes recognizable by the kernel. This process is called name resolution.
On stand-alone stations, except for stations running Sun Solaris 2.5 or higher, name resolution is completed directly through the local user, group, and host files (/etc/passwd, /etc/group, and /etc/hosts). When CA Access Control needs to resolve a name, it simply calls a system function that in turn reads the relevant file.
On larger networks, however, this information is seldom stored locally. When you use NIS, DNS, or both, there are no local files that you can consult during name resolution. The information is requested and received from a server over the network.
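The name-to-code translation described above, as an added example that is not CA Access Control code: it parses constructed samples in the /etc/passwd, /etc/group, and /etc/hosts formats and translates the subjects of a hypothetical name-based rule list into user IDs, group IDs, and IP addresses. The rule tuples, sample entries, and function names are assumptions made for illustration; names that the local files cannot resolve are reported separately, since those are the names that would have to come from NIS or DNS.

```python
import ipaddress

# Constructed sample data in the local-file formats (not from a real host).
PASSWD = "root:x:0:0:root:/root:/bin/sh\nalice:x:1001:100:Alice:/home/alice:/bin/sh\n"
GROUP = "wheel:x:10:root\nstaff:x:100:alice\n"
HOSTS = "127.0.0.1 localhost\n192.0.2.10 build01.example.com build01  # alias\n"

def parse_colon_file(text, id_field=2):
    """Map name -> numeric ID for passwd/group style files (ID is field 3)."""
    table = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) > id_field and fields[0] and fields[id_field].isdigit():
            # First entry wins, as with a sequential scan of the file.
            table.setdefault(fields[0], int(fields[id_field]))
    return table

def parse_hosts(text):
    """Map every host name and alias (case-insensitive) -> IP address string."""
    table = {}
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()  # drop trailing comments
        if len(tokens) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(tokens[0]))
        except ValueError:
            continue  # malformed address: ignore the line
        for name in tokens[1:]:
            table.setdefault(name.lower(), addr)
    return table

def resolve_rules(rules, users, groups, hosts):
    """Translate (kind, name) subjects into codes; collect names that fail."""
    tables = {"user": users, "group": groups, "host": hosts}
    resolved, unresolved = [], []
    for kind, name in rules:
        key = name.lower() if kind == "host" else name
        code = tables[kind].get(key)
        if code is None:
            unresolved.append((kind, name))  # would need NIS/DNS, or is a typo
        else:
            resolved.append((kind, name, code))
    return resolved, unresolved

USERS, GROUPS, HOST_TABLE = parse_colon_file(PASSWD), parse_colon_file(GROUP), parse_hosts(HOSTS)
# Hypothetical rule subjects; "bob" is deliberately absent from the sample files.
RULES = [("user", "alice"), ("group", "staff"), ("host", "BUILD01"), ("user", "bob")]
RESOLVED, UNRESOLVED = resolve_rules(RULES, USERS, GROUPS, HOST_TABLE)
```

A rule whose subject lands in the unresolved list has no numeric code to match against, so it is worth reviewing before relying on that rule.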
Copyright © 2012 CA. All rights reserved.