CA ControlMinder intercepts requests to access system resources and decides whether to permit or deny these requests. The decision is based on access rules and policies that are defined in the database. The interception of requests to access system resources takes place at the kernel level.
To control hosts, groups, users, and services, the kernel and the relevant system calls use codes or numbers (that is, IP addresses, group IDs, user IDs, and service numbers) instead of names. CA ControlMinder defines access rules based on names. CA ControlMinder translates names into codes recognizable by the kernel. This process is called name resolution.
On stand-alone stations, except for stations running Sun Solaris 2.5 or higher, name resolution is completed directly through the local user, group, and host files (/etc/passwd, /etc/group, and /etc/hosts). When CA ControlMinder needs to resolve a name, it simply calls a system function that in turn reads the relevant file.
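The file-based resolution described above, as an added example that is not CA ControlMinder code: it parses text in the /etc/passwd, /etc/group, and /etc/hosts formats and translates the names in a rule into a user ID, group ID, and IP address. The file contents and the rule are constructed samples, and rejecting a rule whose name cannot be resolved is a choice made for this example.

```python
import ipaddress

# Constructed sample contents of /etc/passwd, /etc/group and /etc/hosts.
PASSWD = "root:x:0:0:root:/root:/bin/sh\nalice:x:1001:100:Alice:/home/alice:/bin/sh\n"
GROUP = "wheel:x:10:root,alice\nusers:x:100:\n"
HOSTS = "127.0.0.1 localhost\n192.0.2.10 db01.example.test db01  # constructed\n"


def load_ids(text):
    """Parse passwd(5)/group(5) text into {name: numeric ID} (third field)."""
    table = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 3:
            continue  # skip comments and malformed entries
        if fields[2].isascii() and fields[2].isdigit():
            table.setdefault(fields[0], int(fields[2]))  # first entry wins
    return table


def load_hosts(text):
    """Parse hosts(5) text into {host name or alias: IP address}."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first column is not an IP address
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)  # host names are case-insensitive
    return table


def resolve_rule(rule, users, groups, hosts):
    """Translate the names in a rule into uid, gid and IP address.

    Raises LookupError for an unknown name, so an unresolved rule is
    rejected instead of being kept with a missing code (example's choice).
    """
    try:
        return {"uid": users[rule["user"]],
                "gid": groups[rule["group"]],
                "ip": hosts[rule["host"].lower()]}
    except KeyError as exc:
        raise LookupError(f"cannot resolve name {exc.args[0]!r}") from None


USERS, GROUPS, HOSTS_BY_NAME = load_ids(PASSWD), load_ids(GROUP), load_hosts(HOSTS)
RULE = {"user": "alice", "group": "wheel", "host": "DB01"}  # hypothetical rule
RESOLVED = resolve_rule(RULE, USERS, GROUPS, HOSTS_BY_NAME)
```
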
On larger networks, however, this information is seldom stored locally. When you use NIS, DNS, or both, there are no local files that you can consult during name resolution. The information is requested and received from a server over the network.
Copyright © 2013 CA Technologies.
All rights reserved.