matrix.conf(4) [osf1 man page]
matrix.conf(4)              Kernel Interfaces Manual              matrix.conf(4)

NAME
       matrix.conf - SIA (Security Integration Architecture) configuration file

DESCRIPTION
       The matrix.conf file provides the means to configure the SIA security
       mechanisms for security sensitive commands. Each security mechanism
       provider should either use the siacfg command to update the matrix.conf
       file or provide a new matrix.conf file to support their security
       product.

       The operating system is provided with a default BSDmatrix.conf file.
       When the sysman secconfig utility is run to enable enhanced security,
       the operating system modifies the matrix.conf file to use the enhanced
       security mechanism. See the EXAMPLES section for samples of the default
       files.

       The commands affected by the SIA mechanism and matrix.conf file include:

              rshd
              ftpd
              chfn
              chsh
              su
              login
              passwd

       The Security manual contains a detailed description of the SIA
       programming interface as well as a description of the administration of
       the associated /etc/sia/matrix.conf files.

EXAMPLES
       The following is the default BSD (Base) security mechanism
       /etc/sia/matrix.conf file:

              #
              # sia matrix configuration file (BSD only)
              #
              siad_init=(BSD,libc.so)
              siad_chk_invoker=(BSD,libc.so)
              siad_ses_init=(BSD,libc.so)
              siad_ses_authent=(BSD,libc.so)
              siad_ses_estab=(BSD,libc.so)
              siad_ses_launch=(BSD,libc.so)
              siad_ses_suauthent=(BSD,libc.so)
              siad_ses_reauthent=(BSD,libc.so)
              siad_chg_finger=(BSD,libc.so)
              siad_chg_password=(BSD,libc.so)
              siad_chg_shell=(BSD,libc.so)
              siad_getpwent=(BSD,libc.so)
              siad_getpwuid=(BSD,libc.so)
              siad_getpwnam=(BSD,libc.so)
              siad_setpwent=(BSD,libc.so)
              siad_endpwent=(BSD,libc.so)
              siad_getgrent=(BSD,libc.so)
              siad_getgrgid=(BSD,libc.so)
              siad_getgrnam=(BSD,libc.so)
              siad_setgrent=(BSD,libc.so)
              siad_endgrent=(BSD,libc.so)
              siad_ses_release=(BSD,libc.so)
              siad_chk_user=(BSD,libc.so)

       The following is the default enhanced security (C2) mechanism
       /etc/sia/matrix.conf file:

              siad_init=(BSD,libc.so)
              siad_chk_invoker=(OSFC2,/usr/shlib/libsecurity.so)
              siad_ses_init=(OSFC2,/usr/shlib/libsecurity.so)
              siad_ses_authent=(OSFC2,/usr/shlib/libsecurity.so)
              siad_ses_estab=(OSFC2,/usr/shlib/libsecurity.so)
              siad_ses_launch=(OSFC2,/usr/shlib/libsecurity.so)
              siad_ses_suauthent=(OSFC2,/usr/shlib/libsecurity.so)
              siad_ses_reauthent=(OSFC2,/usr/shlib/libsecurity.so)
              siad_chg_finger=(OSFC2,/usr/shlib/libsecurity.so)
              siad_chg_password=(OSFC2,/usr/shlib/libsecurity.so)
              siad_chg_shell=(OSFC2,/usr/shlib/libsecurity.so)
              siad_getpwent=(BSD,libc.so)
              siad_getpwuid=(BSD,libc.so)
              siad_getpwnam=(BSD,libc.so)
              siad_setpwent=(BSD,libc.so)
              siad_endpwent=(BSD,libc.so)
              siad_getgrent=(BSD,libc.so)
              siad_getgrgid=(BSD,libc.so)
              siad_getgrnam=(BSD,libc.so)
              siad_setgrent=(BSD,libc.so)
              siad_endgrent=(BSD,libc.so)
              siad_ses_release=(OSFC2,/usr/shlib/libsecurity.so)
              siad_chk_user=(OSFC2,/usr/shlib/libsecurity.so)

FILES
       SIA configuration file

RELATED INFORMATION
       Commands: chfn(1), chsh(1), su(1), login(1), passwd(1), sialog(4),
       rshd(8), ftpd(8), secconfig(8), siacfg(8)

       Security

matrix.conf(4)
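The file format shown in EXAMPLES above decides which shared library handles authentication and credential changes for login, su, passwd and the other listed commands, so it is worth checking against an expected set of libraries. The following is an added example, not part of the original man page or the operating system: the TRUSTED_LIBS set, the HIGH/WARN labels and the EXAMPLE mechanism with its /opt/example/libauth.so path are assumptions or constructed values.

```python
import re

# Assumption: only the two libraries named in this page's default files are
# expected; extend the set for locally installed mechanisms.
TRUSTED_LIBS = {"libc.so", "/usr/shlib/libsecurity.so"}
# Entry points that gate authentication, session setup and credential changes.
SENSITIVE = ("siad_ses_", "siad_chk_", "siad_chg_")
# name=(mechanism,library); several pairs per line are tolerated (assumption).
ENTRY_RE = re.compile(r"(siad_\w+)=((?:\([^(),]+,[^(),]+\))+)")
PAIR_RE = re.compile(r"\(([^(),]+),([^(),]+)\)")

def parse_matrix(text):
    """Return ({entry: [(mechanism, library), ...]}, [problem strings])."""
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY_RE.fullmatch(line)
        if not m:
            problems.append(f"line {lineno}: unparseable entry {line!r}")
        elif m.group(1) in entries:
            problems.append(f"line {lineno}: duplicate entry {m.group(1)}")
        else:
            entries[m.group(1)] = PAIR_RE.findall(m.group(2))
    return entries, problems

def audit(text, trusted=TRUSTED_LIBS):
    """List parse problems plus every binding to a library outside `trusted`."""
    entries, findings = parse_matrix(text)
    for name, pairs in entries.items():
        for mech, lib in pairs:
            if lib not in trusted:
                sev = "HIGH" if name.startswith(SENSITIVE) else "WARN"
                findings.append(f"{sev}: {name} -> {lib} (mechanism {mech})")
    return findings

# Constructed sample in the page's format: line 3 names a library outside the
# expected set, line 5 has lost its parentheses.
SAMPLE = """\
# sia matrix configuration file
siad_init=(BSD,libc.so)
siad_ses_authent=(EXAMPLE,/opt/example/libauth.so)
siad_chg_password=(OSFC2,/usr/shlib/libsecurity.so)
siad_chg_shell=OSFC2,/usr/shlib/libsecurity.so
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty result from audit() means every entry parsed and every library is in the expected set; it says nothing about whether the libraries themselves are unmodified.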
siad_chg_finger(3)          Library Functions Manual          siad_chg_finger(3)

NAME
       siad_chg_finger, siad_chg_password, siad_chg_shell - Dependent SIA
       change routines (Security Integration Architecture)

LIBRARY
       Standard C library (libc.so and libc.a)

SYNOPSIS
       #include <sia.h>
       #include <siad.h>

       int siad_chg_finger(
               int (*collect)(),
               char *username,
               int argc,
               char *argv[]);

       int siad_chg_password(
               int (*collect)(),
               char *username,
               int argc,
               char *argv[]);

       int siad_chg_shell(
               int (*collect)(),
               char *username,
               int argc,
               char *argv[]);

PARAMETERS
       collect   The collect parameter is a pointer to an SIA collection
                 routine. If this pointer is NULL, no collection is possible.
                 The collect parameter should never be NULL. This parameter is
                 read only. Further input on SIA collection routines is
                 available from the interface specifications in
                 /usr/include/{sia,siad}.h.

       username  The username parameter is used when a precollected username
                 is available. The username parameter either points to the
                 precollected username or is set to NULL if no username exists.
                 This parameter is read only.

       argc      The argc parameter is the number of arguments used when
                 invoking the calling command or utility. This parameter is
                 read only.

       argv      The argv parameter is the array of arguments used when
                 invoking the calling command or utility. The argv[0] variable
                 must always be set to the calling command's name. This is used
                 for logging or auditing of the password change function.

DESCRIPTION
   siad_chg_finger()
       This routine is called by sia_chg_finger() to accomplish processing
       associated with the chfn command with respect to a specific security
       mechanism. Only one siad_chg_finger() routine is called. No sequencing
       of multiple security mechanisms is attempted.

   siad_chg_password()
       This routine is called by sia_chg_password() to invoke a specific
       mechanism's change password function. Only one siad_chg_password()
       routine is called. This routine accomplishes the process commonly
       associated with the passwd command. No sequencing of multiple security
       mechanisms is attempted.

   siad_chg_shell()
       This routine is called by sia_chg_shell() to accomplish processing
       associated with the chsh command with respect to a specific security
       mechanism. Only one siad_chg_shell() routine is called. No sequencing
       of multiple security mechanisms is attempted.

RETURN VALUES
       The siad_ses_*() routines return bitmapped values which indicate the
       following status:

       SIADSUCCESS  Indicates unconditional success. All bits set to 0.

       SIADFAIL     Indicates conditional failure. Lowest bit set to 1. If
                    other security mechanisms are in place, continue.

       SIADSTOP     Indicates unconditional failure. Do not continue. Second
                    lowest bit set to 1.

ERRORS
       The errno values are those returned from the dynamic loader interface,
       from the (siad_*) routines, or from malloc. Possible errors include
       resource constraints (no memory) and various authentication failures.

FILES
       /etc/passwd
       /etc/sia/matrix.conf

RELATED INFORMATION
       sia_chg_finger(3), matrix.conf(4)

       Security

siad_chg_finger(3)