The method of authorizing users for remote command access on a target system depends on the authentication methods used. There is one type of authorization file for each authentication method supported in the SP system. The control workstation and the nodes which are configured for an authorization method maintain their own copy of that method's authorization file. For all methods, access is based on the contents of a file in the target user's home directory:
These authorization files for the root users are constructed such that:
If the authorization files already exist in the root user's home directory when you select the authorization method for the partition, the SP-generated entries will be added to the existing file and the existing authorization files will remain intact.
The root user's authorization files are initially created when one or more authorization methods are chosen for a partition. Whenever new nodes are installed in a partition, nodes are moved from one partition to another partition, configured for a different set of authorization methods, or nodes are removed from the system, the authorization files are automatically updated on:
Whenever a node boots, the /etc/rc.sp command executes on the node and ensures that the node's authorization files are current and the files are updated, if necessary.
See Chapter 2, Security features of the SP system if you need more information about security.