KBI 220237 Argent UNIX Agent Security
Version
6.2A-0305
Date
13 Jun 2003
Summary
Argent provides two UNIX Agents, “UNIX Shell Script Agent” and “Secure UNIX Agent” for clients who may, or may not want to run Agents under the ROOT user account.
Technical Background
“UNIX Shell Script Agent” equates to TAGAGENT
- Provides security via TCP/IP PORT selection (3061)
- Provides security via ONLY specified IP address can communicate (Primary Engine IP)
“Secure UNIX Agent” equates to TAGSHELL
- Provides security via TCP/IP PORT selection (3060)
- Provides security via ONLY specified IP address can communicate (Primary Engine IP)
- Provides security via UNIX user authentication – this feature requires that the service/process runs as ROOT user who is the only user allowed to access UNIX password file
Resolution
Dependant upon the UNIX Operating System version it may not be possible to run Secure UNIX Agent as a non-ROOT user.
This limitation is caused by UNIX allowing ONLY ROOT user to access the Password File.
In these scenarios ONLY Shell Script Agent can be used.