Abstract: A system and method for managing multiple server computer systems on a computer network. The functions of a central management server are distributed to multiple daemons executing independently of each other on one or more computer systems. Distributing the functions of the central management server to separate multiple daemons substantially improves the reliability of a multi-server management application.

Abstract: A method and apparatus for dynamically storing objects of an object-oriented programming application in a LDAP repository so that useful information from the objects may be read by other applications are disclosed. Embodiments of the method preferably comprise dynamically determining persistent attributes, which are a subset of each object's attributes, for each object being stored and mapping the persistent attributes to LDAP attributes in the LDAP repository. Embodiments of the invention preferably comprise a persistent data manager that is a component of the object-oriented programming application and that acts as an interface to the LDAP repository, storing objects in the LDAP repository when requested. The objects may be Java objects.

Abstract: A method and apparatus for delegating root access to non-root users of a computer system while maintaining computer system security are disclosed. Such a method may include authorizing a role for a user, wherein the authorized role includes one or more tools and the tools enable root access for certain tasks that the tools perform when run, whereby the one or more tools are delegated to the user and authorizing a machine of the computer system for the authorized role, wherein the computer system comprises a plurality of machines and the user is enabled to utilize the authorized role only on authorized machines, whereby utilizing the authorized role comprises running the one or more tools of the authorized role. Embodiments of the invention may comprise authorization objects that comprise attributes identifying a user and the roles and machine for which the user is authorized.

Abstract: A method and system for persisting and recovering security keys in order to authorize access to a network system is disclosed. Certain security keys are read from a file with root as the effictive user id in order to enable the reading of the keys. The certain security keys are placed into a local cache by the read process. If there are no errors in the read process, the certain security keys will preferably include a private key. If the private key is not in the cache (e.g., because there was an error in the read process) the authorization fails.

Abstract: Binding processes in a network system involves monitoring the status of RMI processes by running a thread associated with a parent process. Each parent process in the network system is associated with a watchdog object that initiates a thread, the thread monitoring the status of RMI processes. If the thread determines that its associated parent process is not bound with an active RMI process, the thread automatically rebinds its parent process with an active RMI process.

Abstract: A service control manager (SCM) tool execution mechanism enables SCM users to execute SCM tools across a set of defined distributed nodes (systems). It provides a secure mechanism, referred to a distributed task facility (DTF), to integrate different operations and execute the operations across the set of distributed nodes.

Abstract: Role based authorization in a service control manager (SCM) module may allow a system administrator to delegate responsibility to other users by assigning tool based roles to these users on some system so they have full access to such system. To ensure system security, after receiving a request from a user to run a tool on a set of target nodes, an SCM security manager may need to check whether the user is authorized to run the tool on the target nodes. For every target node requested, the security manager may need to check whether the user is authorized on the node, and whether the user is authorized for one of the tool's enabled roles on the node. If the user is not authorized on each of the nodes requested, or is not authorized for any of the tool's enabled roles, the tool is not runnable by the user.

Abstract: A method and software component for inquiring about security relationships is disclosed. The method and software component perform class instantiations and method invocations necessary to retrieve security relationship information for display to a user. The method and software component may perform various manipulations of the security relationship information. The manipulations may comprise eliminating duplicate security relationship information. The method and software component enable a graphical user interface (“GUI”) to avoid being cluttered with the necessary coding to retrieve the security relationship information. Instead, the GUI may simply invoke a function of the software component to retrieve the security relationship information.

Abstract: Independent tool integration uses existing mechanisms, software distributor (SD) commands and a common file directory, to integrate software products without the need to inform the base product beforehand about the new product's software tool definition. The software products may also be automatically updated without the base product having to change.

Abstract: A system and method for enabling the efficient accessing of Java objects and methods by legacy GUIs is disclosed. The system and method provide a base proxy object that encapsulates the JNI APIs necessary for calling Java methods across the JNI boundary. Legacy proxy objects proxy the Java objects and enable legacy GUIs to issue method requests as if the legacy proxy objects were fully functional objects. The legacy proxy objects receive method requests from the GUIs and call base proxy object methods that in turn make the necessary JNI API calls to call Java methods.

Abstract: A method and apparatus for managing tool execution via roles on a computer system while maintaining computer system security, wherein the computer system comprises a plurality of roles, are disclosed. Such a method and apparatus may include delegating tools to a user based on a role, wherein a tool provides root access for performing a specific task in the computer system and the role is an authorized role that enables the user to run the delegated tools, identifying one of the plurality of roles to be disabled, wherein the identified role is the authorized role, accessing the identified role, and, disabling the identified role so that the user cannot run the delegated tool(s). Disabled roles may likewise be enabled according to a disclosed method and apparatus. Embodiments of the invention may comprise authorization objects that comprise attributes identifying the roles and machine for which a user is authorized.

Abstract: A method and apparatus for mapping of procedural code to object-oriented classes is disclosed. A mapping layer in an object-oriented programming language process space that maps procedural method calls to object-oriented class instantiations and remote method invocations according to an embodiment of the present invention is disclosed. The mapping layer preferably is utilized for accomplishing persistent changes to the object-oriented classes. The mapping layer preferably comprises entry-points that are methods, which may be invoked by procedural graphical user interface callback code.

Abstract: A service control manager (SCM) module may, through a light weight centraized authorization process, assign certain tools to a role so that a non-root user with such role may run the authorized commands specified in the tools as a root user. The usage of these commands is tracked and logged, typically by a log manager who observes each of the commands that are run within the role. If the non-root user tries to run a command that is not assigned to the role, the log manager may block that attempt. Therefore the lightweight authorization may be achieved without compromising security. The user may also be given a finer granularity of running specific commands and options. In addition, the non-root user with the role may only need to be authorized on one node (machine) to be able to perform the commands on multiple nodes.

Abstract: A system and method for porting a software application from a native object oriented programming system to a target object oriented programming system is presented. The native object oriented programming system includes an application framework layer built on a set of defined native foundation classes and an operating system layer running a native operating system. The target object oriented programming system also includes an application framework layer and an operating system layer. However, the application framework layer is built on a different set of foundation classes and the target operating system is different than the native operating system.