Fail safe mode is a method of authentication that can take over when a host's domain manager is unavailable. It is controlled by the Enable fail safe host configuration policy in Remote Control. When enabled, the host loads a security provider and uses that to validate users. Typically, the local "Unified" security provider is used. By default, this permits anyone in the local administrators group or "root" on Linux/Mac OS X to connect.
When a connection attempt is made, the host asks the domain manager to authenticate. If it cannot reach the manager, it checks to see if security caching—security cache mode—is switched on. Security cache mode is controlled by the Enable security cache configuration policy. If security caching is on, it uses credentials from a local cache. The local cache keeps the login information for any user that successfully connected to the computer previously.
If the user is not found in the cache, the host checks the Enable fail safe policy and, if enabled, loads a security provider and attempts to validate the user with that.
Note: For more information about remote control configuration policies, see the Configuration Policy section of the DSM Explorer Help.
|
Copyright © 2013 CA.
All rights reserved.
|
|