How does STAF connect to a remote machine

2013-01-17
2013-06-12
  • Rahul Karmshil
    2013-01-17

    Hi All,

    I was trying to understand from the source code how STAF connects and executes a command on a remote machine. Being a C++ noob, I got lost in the code and couldn't make much sense of it.

    What I am trying to understand is:

    Does STAF use SSH to connect and execute, or is there something else? How is the command passed between the two machines?

    Then I have additional questions on top of the first one:
    How does the authentication work then? Does STAF create a user for itself when we install it? If it is a user, then how does the trust level work?

    I tried searching the forum, but couldn't find a relevant thread. Please point me to an already existing thread if I missed it.
    If someone can explain this, it'll be a great help.

    Thanks!

     
  • Sharon Lucas
    2013-01-17

    No, STAF does not use SSH to connect to a remote system.  STAF uses TCP/IP to connect to remote systems.  STAF supports both secure and non-secure TCP/IP communication on most platforms.  See section "4.3 Network Interfaces" in the STAF User's Guide at http://staf.sourceforge.net/current/STAFUG.htm#HDRNETWORKCFG for more information on the STAFTCP network interface.

    STAF does not create a user for itself when it is installed.

    See section "2.5 Security" in the STAF User's Guide at http://staf.sourceforge.net/current/STAFUG.htm#HDRTRSTCON which says:

    "Security in STAF can be defined at the machine level and/or the user level. In other words, you grant access to machines and/or to userids. Access in STAF is granted by specifying a certain trust level for a machine or user, where trust level 0 indicates no access and trust level 5 indicates all access. Each service in STAF defines what trust level is required in order to use the various functions the service provides."

    For more information about the STAF Trust service, see Section "8.20 Trust Service" in the STAF User's Guide at http://staf.sourceforge.net/current/STAFUG.htm#HDRTRUSTSRV.  You can set trust levels for machines or users in the STAF.cfg file or you can set trust levels dynamically via the Trust service.  For more information about setting trust levels in the STAF.cfg file, see section "4.9 Trust" in the STAF User's Guide at http://staf.sourceforge.net/current/STAFUG.htm#HDRTRUSTCFG. For example:

    TRUST DEFAULT LEVEL 3
    TRUST LEVEL 5 MACHINE local://local
    TRUST LEVEL 5 MACHINE client1.austin.ibm.com MACHINE client3.raleigh.ibm.com
    TRUST LEVEL 5 MACHINE 9.3.224.16
    TRUST LEVEL 3 MACHINE tcp2://9.3.224.*
    TRUST LEVEL 2 MACHINE *.austin.ibm.com
    TRUST LEVEL 5 USER John@company.com USER Jane@company.com
    TRUST LEVEL 0 USER badguy@company.com
    TRUST LEVEL 3 USER *@company.com
    TRUST LEVEL 4 USER SampleAuth://*@company.com

    Generally, most people use machine authentication.  Specifying user authentication in STAF trust levels requires that an authenticator be registered in your STAF.cfg files.  Authenticators are special external services whose purpose is to authenticate users in order to provide user level trust, which can be used in addition to (or instead of) machine level trust. An Authenticator is a special service that accepts an authenticate request. See section "4.6 Authenticator Registration" in the STAF User's Guide at http://staf.sourceforge.net/current/STAFUG.htm#Header_53 for more information on how to register an authenticator.  A sample authenticator service is provided by STAF to allow you to experiment with using user security (it can be downloaded from http://staf.sourceforge.net/getcurrent.php and is available as a jar file called AuthSampleV300.jar).  You can write your own authenticator, but this is a more advanced thing to do.
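
Added example, not part of the original thread and not STAF project code: a small Python audit of the TRUST statements quoted in the answer above, listing the default level and any wildcard grant above a review threshold. The function names and the thresholds (`max_default`, `max_wildcard`) are assumptions chosen for illustration; the script only parses the syntax shown in the answer and does not reproduce how STAF resolves overlapping matches.

```python
# Added example: audit STAF.cfg TRUST lines for broad grants.
# Sample input is constructed from the TRUST lines quoted in the answer above.
SAMPLE_CFG = """\
TRUST DEFAULT LEVEL 3
TRUST LEVEL 5 MACHINE local://local
TRUST LEVEL 5 MACHINE client1.austin.ibm.com MACHINE client3.raleigh.ibm.com
TRUST LEVEL 5 MACHINE 9.3.224.16
TRUST LEVEL 3 MACHINE tcp2://9.3.224.*
TRUST LEVEL 2 MACHINE *.austin.ibm.com
TRUST LEVEL 5 USER John@company.com USER Jane@company.com
TRUST LEVEL 0 USER badguy@company.com
TRUST LEVEL 3 USER *@company.com
TRUST LEVEL 4 USER SampleAuth://*@company.com
"""


def parse_trust(cfg_text):
    """Return (default_level, entries); entries are (level, kind, spec)."""
    default, entries = None, []
    for raw in cfg_text.splitlines():
        tok = raw.split()
        if len(tok) < 4 or tok[0].upper() != "TRUST":
            continue  # not a TRUST statement
        if [t.upper() for t in tok[1:3]] == ["DEFAULT", "LEVEL"]:
            default = int(tok[3])
        elif tok[1].upper() == "LEVEL":
            level, rest = int(tok[2]), tok[3:]
            # One line may carry several "MACHINE x" / "USER y" pairs.
            for kind, spec in zip(rest[0::2], rest[1::2]):
                entries.append((level, kind.upper(), spec))
    return default, entries


def audit(cfg_text, max_default=2, max_wildcard=2):
    """List grants above the thresholds (hypothetical review policy)."""
    default, entries = parse_trust(cfg_text)
    findings = []
    if default is not None and default > max_default:
        findings.append(f"DEFAULT level {default} applies to anything not matched by another entry")
    for level, kind, spec in entries:
        if "*" in spec and level > max_wildcard:
            findings.append(f"{kind} {spec} grants level {level} to a wildcard")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CFG):
        print("REVIEW:", line)
```

Run against a real STAF.cfg by passing the file's text to `audit()`; tighten or loosen the two thresholds to match the trust levels your services actually require.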