3.4 Acquiring eDirectory Security Equivalence Vectors for NSS Users

The Security Equivalence Vector (SEV) is calculated for each NSS user based on information in the user’s profile in eDirectory. NSS validates the user’s SEV against the trustee rights of the directory and file the user is attempting to access.

In OES, SEVs are acquired differently for NSS on Linux than they are for NSS on NetWare.

For NSS on NetWare, whenever a user connects to the NSS file system, NetWare retrieves the user’s SEV from eDirectory and maintains it as part of the connection structure for the user’s session. NSS automatically retrieves the user’s SEV from the connection structure.

For NSS on Linux, whenever a user first connects to the NSS file system after reboot, NSS caches the SEV locally in the server memory, where it remains until the server is rebooted or unless the user is deleted from eDirectory. NSS polls eDirectory at a specified interval for updates to the SEVs that are in cache. Command line switches are available in the NSS Console utility (nsscon) to enable or disable the update, to set the update interval (5 minutes to 90 days), and to force an immediate update of security equivalence vectors. For information, see Security Equivalence Vector Update Commands in the OES 2015 SP1: NSS File System Administration Guide for Linux.