Description

If it appears that BoKS is not enforcing access controls and allows users to log in without having the appropriate Access Routes, BoKS may not have been activated in the correct way on the server.


Resolution / Workaround

When BoKS is not enforcing Access Routes locally on a server, the first thing to check is whether BoKS protection is activated by confirming that the variable SSM_ACTIVE=true in the $BOKS_etc/ENV file.

If it is not, the solution is to activate BoKS by running:

sysreplace activate

If SSM_ACTIVE=true and BoKS is still not enforcing Access Routes, BoKS may not have been activated in the correct way on the server;

BoKS must always be activated/deactivated by running the sysreplace command from a BoKS prompt:

BoKS # sysreplace activate

BoKS # sysreplace deactivate

When running sysreplace, BoKS is not merely setting the SSM_ACTIVE variable but, depending on Operating System, may also rename and replace binaries and directories such as /etc/pam.d/.

Therefore, it is important to know that BoKS can never be activated/deactivated by merely setting the SSM_ACTIVE variable!

If there is reason to believe that BoKS was incorrectly activated by merely setting the variable, it is best to deactivate and then reactivate BoKS using the sysreplace command.

Note: The sysreplace arguments replace/restore will have the same effect as activate/deactivate.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: May 25, 2018