Authorization file (auth.conf) characteristics
By default, the authorization file or auth.conf file grants access for the following:
On NetBackup servers | Administrator applications and capabilities for the root user. User backup and restore capabilities for all other users. |
On NetBackup clients | User backup and restore capabilities for all users. |
Windows NetBackup servers |
Use this template file to create an |
UNIX NetBackup servers |
Contains the following entries: root ADMIN=ALL JBP=ALL * ADMIN=JBP JBP=ENDUSER+BU+ARC |
Configure the auth.conf file as follows:
If the auth.conf file exists, it must contain an entry. Provide an entry for each user or use an asterisk (*) to indicate all users. Users without entries in the file cannot access any NetBackup applications.
Entries for specific users must be listed first, followed by any entries with an asterisk (*).
Use the first field of each entry to indicate the user name that is granted or denied access rights. Use an asterisk to indicate any user name.
The remaining fields specify the specific access rights for the user or users. You cannot use an asterisk (*) authorize all users for all applications. Each user (or all users) must have specific application keywords. To deny all capabilities to a specific user, do not provide any keywords for the interface. For example:
mydomain\ray ADMIN= JBP=
ADMIN keyword | Specifies the applications that the user can access. ADMIN=ALL allows access to all NetBackup applications and the related administrator-related capabilities. See About authorizing nonroot users for specific applications. |
JBP keyword | Specifies what the user can do with the Backup, Archive, and Restore client application (jbpSA). JBP=ALL allows access to all Backup, Archive, and Restore capabilities, including those for administration. See About authorizing specific tasks in the Backup, Archive, and Restore user interface. |
Asterisk (*) | An asterisk in the first field indicates that any user name is accepted and the user is allowed to use the applications as specified. The second line of the released version contains an asterisk in the first field. The asterisk means that NetBackup validates any user name for access to the Backup, Archive, and Restore client application jbpSA. JBP=ENDUSER+BU+ARC allows users to back up, archive, and restore files only. |
The credentials that are entered in the logon screen must be valid on the computer that is specified in the host field. The NetBackup application server authenticates with the specified computer. The user name is the account used to back up, archive, or restore files. To perform remote administration or user operations with jbpSA, a user must have valid accounts on the NetBackup UNIX server or client computer. The Backup, Archive, and Restore application (jbpSA) relies on system file permissions of when to browse directories and files to back up or restore.
The password must be the same password that was used upon logon at that computer. For example, assume you log on with the following information:
username = joe password = access
You must use this same user name and password to log into NetBackup.
You can log on to the NetBackup application server under a different user name than the name used to log on to the operating system. For example, if you log on to the operating system with a user name of joe, you can subsequently log on to jnbSA as root.
Upon exit, some application state information is automatically saved in the directory of joe $HOME/.java/.userPrefs/vrts directory. (For example, table column order.) The information is restored the next time you log on to the operating system under account joe and initiate the NetBackup application. This logon method is useful if there is more than one administrator because it saves the state information for each administrator.
Note:
NetBackup creates a user's $HOME/.java/.userPrefs/vrts directory the first time an application is exited. Only NetBackup applications use the .java/.userPrefs/vrts directory.