KBI 220237 Argent UNIX Agent Security

Version

6.2A-0305

Date

13 Jun 2003

Summary

Argent provides two UNIX Agents, “UNIX Shell Script Agent” and “Secure UNIX Agent” for clients who may, or may not want to run Agents under the ROOT user account.

Technical Background

“UNIX Shell Script Agent” equates to TAGAGENT

  • Provides security via TCP/IP PORT selection (3061)

  • Provides security via ONLY specified IP address can communicate (Primary Engine IP)

“Secure UNIX Agent” equates to TAGSHELL

  • Provides security via TCP/IP PORT selection (3060)

  • Provides security via ONLY specified IP address can communicate (Primary Engine IP)

  • Provides security via UNIX user authentication – this feature requires that the service/process runs as ROOT user who is the only user allowed to access UNIX password file

Resolution

Dependant upon the UNIX Operating System version it may not be possible to run Secure UNIX Agent as a non-ROOT user.

This limitation is caused by UNIX allowing ONLY ROOT user to access the Password File.

In these scenarios ONLY Shell Script Agent can be used.