Resolve Names
Several tokens in the [seosd] section of the seos.ini file (including GroupidResolution, HostResolution, ServiceResolution, and UseridResolution) control how Privileged Access Manager performs name resolution. Setting these tokens appropriately improves performance.

Alternatively, you can create a lookaside database (instead of using system name resolution). To improve performance, select the lookaside database option. Tokens for this feature include the lookaside_path and use_lookaside.

For more information about these tokens, see the seos.ini initialization file in the Reference Guide.

Whenever Privileged Access Manager must perform UID to username, GID to groupname, ipaddr to host name, and port to service translations, it may have an impact on Privileged Access Manager performance. How Privileged Access Manager performs these translations depends on the value of certain tokens in the seos.ini file--in particular, the under_NIS_server, use_lookaside, GroupidResolution, HostResolution, ServiceResolution, UseridResolution, and resolve_timeout tokens.

When native operating system mechanisms perform the resolution, the impact on system performance is relatively small. When translating ipaddr to host name, an external mechanism such as DNS must perform the translation. This may result in significant degradation of system performance. This degradation occurs because, while seosd is waiting to receive the host name, all other processes that Privileged Access Manager has intercepted must also wait until seosd completes its processing.

- If you set the value of the under_NIS_server token to no, seosd allows UNIX to translate UID, GID, IP addresses, and port numbers by taking data from the following sources:

| Type of Station | Source |
|---|---|
| Stand-alone | seosd uses the following files for translations: /etc/passwd for UID to user name; /etc/group for GID to group name; /etc/hosts for IP address to host name; /etc/services for service ports to service names |
| NIS client | The source of the information varies, depending on the operating system and its version number. The information is usually taken from /etc files and the NIS server. However, in some systems, the /etc files are not the source and the order in which translation is made is changed during system configuration. For instance, in the Solaris 2.x system the file /etc/nsswitch.conf determines the translation order. |
| DNS client | Translation for users, groups, and services is performed using /etc files. Host names are translated by calls to the DNS server and, on some systems, the /etc/hosts file is also read. |
| NIS and DNS clients | The ipaddr to host name translation is performed by DNS. For user, group, and service translations, the translations are performed in the same way as NIS client translations. |

- If you set the value of the under_NIS_server token to yes, seosd performs its own translations. If seosd caches data for its translations, the sources of its data are as follows:

| Type of Station | Source |
|---|---|
| NIS server | The server machine usually behaves as both server and client, and consults the NIS server daemon for any type of translation. The files which contain the sources of the NIS resolution maps are usually located in /var/yp, but the location may vary, depending on the site configuration, and the type and version of the operating system. |
| DNS server | The source of the information used for translation depends on the configuration of the site. DNS does not have an option to scan its resolution database; therefore, Privileged Access Manager cannot use caching, and must use a look-aside database. You must configure the look-aside database so that the utility sebuildla uses a host list file. For more information, see sebuildla in this chapter. |
| all others | Same as DNS server. |

In versions 2 and higher of Privileged Access Manager, seosd can also use the tokens GroupidResolution, HostResolution, ServiceResolution, UseridResolution, and resolve_timeout to control the translation process. For more information about these tokens, see the Reference Guide.
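
The station-type rules above can be checked against a seos.ini file before a rollout. The following Python check is an added example, not part of the product documentation or the vendor's tooling; `read_seosd` and `review` are hypothetical names. It assumes that seos.ini parses as standard INI, that use_lookaside takes yes/no like under_NIS_server, that a missing token counts as no, and that the operator supplies the station type.

```python
import configparser

# Tokens the page names; all of them live in the [seosd] section of seos.ini.
TOKENS = ("under_NIS_server", "use_lookaside", "lookaside_path",
          "GroupidResolution", "HostResolution", "ServiceResolution",
          "UseridResolution", "resolve_timeout")
# Station types from the page's two tables (passed in by the operator).
DNS_CLIENT_ROLES = {"dns client", "nis and dns clients"}   # under_NIS_server = no
NO_CACHE_ROLES = {"dns server", "all others"}              # under_NIS_server = yes


def read_seosd(ini_text):
    """Return the page's tokens that are set in [seosd], keeping token case."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str                  # token names are mixed case
    cp.read_string(ini_text)
    sec = cp["seosd"] if cp.has_section("seosd") else {}
    return {t: sec[t].strip() for t in TOKENS if t in sec}


def review(ini_text, role):
    """Apply the page's rules to one station and return a list of findings."""
    cfg, role, out = read_seosd(ini_text), role.lower(), []
    # Assumptions: a missing token counts as "no"; use_lookaside is yes/no.
    own = cfg.get("under_NIS_server", "no").lower() == "yes"
    ladb = cfg.get("use_lookaside", "no").lower() == "yes"
    if ladb and not cfg.get("lookaside_path"):
        out.append("use_lookaside is set but lookaside_path is missing")
    if own and role in NO_CACHE_ROLES and not ladb:
        out.append("seosd cannot cache DNS data on this station: "
                   "configure the look-aside database")
    elif not own and role in DNS_CLIENT_ROLES and not ladb:
        out.append("ipaddr to host name goes to DNS and seosd waits on it: "
                   "consider the look-aside database")
    return out


# Constructed sample, not taken from a real host.
SAMPLE = """\
[seosd]
under_NIS_server = yes
use_lookaside = no
"""

if __name__ == "__main__":
    for finding in review(SAMPLE, "DNS server"):
        print("finding:", finding)
```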