VCS has 2 ways it can be installed in regards to Authentication. One is by using VCS username/passwords that are stored in the main.cf file (passwords encrypted, of course).
The other way is VCS using the Symantec Product Authentication Service (abbreviated SPAS; now that's good marketing), which was previously known as VxSS (Veritas Security Services). This allows for VCS to use authentication that's integrated to some form of LDAP or other security model (AD, NIS, NIS+, passwd files, etc) In other words: single-sign on. You are already logged into the system, so you can already run VCS commands because you've done the Authentication part (VCS still handles the Authorization: i.e. what you are allowed to do).
If you are interested in this, there is a bunch of documentation on this, including some Symantec Yellow Books on the topic of Authentication and Authorization. I think most of the examples target NetBackup, but the concept is still similar (and NBU is more complicated than VCS in this regards anyways). Check here: http://www.symantec.com/business/theme.jsp?themeid=yellowbooks
Note that this second method is definitely a bit of an investment in time, and adds some amount of complexity to the environment.
