When a EyeDB client command or application attempts to connect to the EyeDB server using a TCP connection, an access file is used to determine wheter the connection is authorized.
The location of the network access file is given by the access_file configuration switch, that can be specified either as a configuration variable in a configuration file or as an environment variable.
The syntax of this access file is the following:
comments: all characters following a # are skipped
access rule, composed of an IP address or subnet mask address, followed by a list of user authorizations, where a user authorization can be:
a EyeDB user name: the designated user is authorized to connect to the EyeDB server from the machine identified by address
a EyeDB user name prefixed by the ! character: the designated user is not authorized to connect to the EyeDB server from the machine identified by address
a EyeDB user name prefixed by the = character: the designated user will be used for any connection opened from the machine identified by address if no authentication is provided
a + character: any EyeDB user is authorized to connect from the machine identified by address
Example 2.10, “EyeDB server network access file” gives an example of a EyeDB server network access file.
Example 2.10. EyeDB server network access file
# All users are authorized from domain localdomain: .localdomain + # Any user, except user 'eyedbroot', are authorized from machine r2.somewhere.org: r2.somewhere.org + !eyedbroot # User 'joe' is authorized from domain ircam.fr: .ircam.fr joe # Users 'tom' and 'guest' are authorized from subnet mask 192.168.1.0; if no authenticatino is provided, user 'guest' is used: 192.168.1.0 tom =guest