IDA Pro3.1.3.初次配置（3.1.3.Initial configuration）

Hex-Rays Vault authentication
The Lumina server delegates authentication to the Hex-Rays Vault server. That is where the primary source of users
information is located.
Consequently, it is the exact same set of users, with the exact same credentials as those that are able to use the Hex-
Rays Vault server, that will be able to make use of the Lumina server.
Assuming Alice was registered in the Hex-Rays Vault server (and has admin rights), she should be able to use the lc
utility to perform operations on the Lumina server.
NOTE lc is the Lumina command-line administration client, which comes with the Lumina server installer. We
will assume the server has been installed in /opt/lumina/, and thus lc is present in /opt/lumina/lc.
>cd /opt/lumina
>./lc -hlumina.acme.com -ualice -psecr3t info
Hex-Rays Lumina Server v8.0
Lumina time: 2022-09-01 14:28:02, up since 2022-09-01 14:27:58
MAC address: 
Client name: alice *ADMIN*
Client host: 127.0.0.1
>./lc -hlumina.acme.com -ualice -psecr3t users
LastActive Adm Login License User name Email
------------------- --- ----- --------------- --------- --------------
2022-09-01 14:28:04 * alice AA-A11C-AC8E-01 Alice alice@acme.com
# Shown 1 results
"shadow" copy of users in the Lumina server
Although the authority for user management & authentication is the Hex-Rays Vault server, the Lumina server will need to
"shadow" that information for its own database to be in a coherent state.
Every time a user opens a new connection to the Lumina server it will in turn perform a call to the Hex-Rays Vault server
to authenticate the user against the provided credentials.
Depending on the success of that latter call, a "shadow" of the user will be recorded, updated, or deleted from the Lumina
server’s database.
NOTE Not everything is copied to the Lumina server’s shadow users table; in particular, the password hash
isn’t.
Useful environment variables
To facilitate using lc, you may consider defining the following environment variables:
export LUMINA_HOST=lumina.acme.com
export LUMINA_USER=alice
export LUMINA_PASS=secr3t
After that, you can connect to the server effortlessly. For example, this command will print information about the server
and the client:
>./lc info
Hex-Rays Lumina Server v8.0
Lumina time: 2022-09-01 14:28:02, up since 2022-09-01 14:27:58
MAC address: 
Client name: alice *ADMIN*
Client host: 127.0.0.1

...

Hex-Rays Vault认证

Lumina服务器将认证委派给Hex-Rays Vault服务器。主要的用户信息源就在那里。

因此，能够使用Hex-Rays Vault服务器的完全相同的用户组，以及具有完全相同凭据的用户，才能够使用Lumina服务器。

假设Alice在Hex-Rays Vault服务器中注册（并具有管理员权限），则应能够使用lc实用程序在Lumina服务器上执行操作。

注意，lc是Lumina命令行管理客户端，它随Lumina服务器安装程序一起提供。我们将假定服务器已安装在/opt/lumina/中，因此lc存在于/opt/lumina/lc中。

cd/opt/lumina

./lc-hlumina.acme.com-ualice-psecr3t info

Hex-Rays Lumina Server v8.0

Lumina time:2022-09-01 14:28:02,up since 2022-09-01 14:27:58

MAC address:

Client name:alice ADMIN

Client host:127.0.0.1

./lc-hlumina.acme.com-ualice-psecr3t users

LastActive Adm Login License User name Email

2022-09-01 14:28:04*alice AA-A11C-AC8E-01 Alice ACME Laboratories

Shown 1 results

Lumina服务器中用户的“阴影”副本

虽然用户管理和认证的权限归属于Hex-Rays Vault服务器，但Lumina服务器需要将该信息“阴影”到自己的数据库中，以使其数据库保持一致。

每次用户打开到Lumina服务器的新连接时，它将反过来调用Hex-Rays Vault服务器，根据提供的凭据对用户进行认证。

根据后者调用的成功与否，将从Lumina服务器的数据库中记录、更新或删除用户的“阴影”。

注意，并非所有内容都会复制到Lumina服务器的阴影用户表中；特别是密码哈希值不会被复制。

有用的环境变量

为了方便使用lc，您可以考虑定义以下环境变量：

export LUMINA_HOST=lumina.acme.com

export LUMINA_USER=alice

export LUMINA_PASS=secr3t

此后，您就可以轻松连接到服务器了。例如，此命令将打印有关服务器和客户端的信息：

./lc info

Hex-Rays Lumina Server v8.0

Lumina time:2022-09-01 14:28:02,up since 2022-09-01 14:27:58

MAC address:

Client name:alice ADMIN

Client host:127.0.0.1

...