Expand Configuration and Management Manual (H06.21+, J06.10+)

Managing the Network
Expand Configuration and Management Manual 529522-013
managers. The local password is different for each node and is given only to users
who are allowed to access all nodes on the network.
Only users who know the local password can log on as NET.ACCESS. While logged
on as NET.ACCESS, these users can access remote files. For example, this command
allows users to access remote files secured for access by NET.ACCESS:
LOGON NET.ACCESS, local-password
Subnetwork Security
In a large network, it is sometimes desirable to allow users to access some nodes but
not others. For example, users on system \SANFRAN are allowed to access nodes
\LA, \SEATTLE, and \CUPRTNO but not the \NEWYORK and \CHICAGO nodes.
In this case, the preceding examples can be extended to allow access to any number
of subnetworks (that is, any collection of individual nodes). A user such as
NET.WEST is established at each node of the subnetwork, and a password scheme
like the one used in the previous example allows certain users to log on as NET.WEST.
Subnetworks implemented in this manner can overlap or include one another.
\CHICAGO might be accessible from \NEWYORK by logging on as NET.EAST, and
from \PHOENIX by logging on as NET.MIDWEST. Similarly, each system in the
network might have a user called NET.GLOBAL, who is allowed to access every other
node.
Remote Super ID User
On a single system, a super ID user can access any file. On a network, the capabilities
of the super ID can be local, global, or somewhere in between, as follows:
• To make the super ID exclusively a local super ID user, do not issue
  REMOTEPASSWORD commands for the super ID at any node.
• To make the super ID a global super ID, issue REMOTEPASSWORD commands
  (as described in Global Remote Passwords on page 18-10) at every node, and
  give every super ID the same password.
  In this case, if a disk file is secured A, G, O, or -, a remote super ID user can still
  gain access to the file by running the TACL program on that system and logging on
  as the local super ID.
• To make the super ID capabilities somewhere between a local and global super ID
  user, issue REMOTEPASSWORD commands (as defined in “Global Passwords”)
  at every node, but give each super ID a distinct password.
  Thus, any disk file can be protected from remote access by giving it A, G, O, or -
  security. (The remote super ID can then access files secured N, C, or U.) A remote
  super ID cannot log on as a local super ID user because the password for the local
  super ID is unknown.
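The three super ID configurations above can be modeled as a small audit check. This is an added example, not part of the manual or any vendor tool; the mode names, the file names, and the assumption that a file's security string holds one code each for read, write, execute, and purge are constructed for illustration.

```python
LOCAL_ONLY = frozenset("AGO-")   # per the text: these codes block remote access
NETWORK = frozenset("NCU")       # per the text: a remote super ID can access these
OPS = ("read", "write", "execute", "purge")   # assumed order of the four codes
MODES = ("local", "distinct", "global")       # hypothetical names for the three cases

def remote_super_access(rwep, mode):
    """Map each operation to how a super ID on another node reaches it:
    'remote' (direct network access), 'local-logon' (runs TACL on the
    target node and logs on as its local super ID), or None (blocked)."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode!r}")
    if len(rwep) != 4 or any(c not in LOCAL_ONLY | NETWORK for c in rwep):
        raise ValueError(f"bad security string: {rwep!r}")
    access = {}
    for op, code in zip(OPS, rwep):
        if mode == "local":
            access[op] = None            # no REMOTEPASSWORD issued for the super ID
        elif code in NETWORK:
            access[op] = "remote"        # N, C, U are open to the remote super ID
        elif mode == "global":
            access[op] = "local-logon"   # same password everywhere defeats A, G, O, -
        else:
            access[op] = None            # distinct passwords: local logon impossible
    return access

def exposed_by_shared_password(inventory):
    """Files whose local-only codes stop a remote super ID when passwords are
    distinct but not when every node's super ID shares one password."""
    findings = {}
    for name, rwep in inventory.items():
        ops = [op for op, how in remote_super_access(rwep, "global").items()
               if how == "local-logon"]
        if ops:
            findings[name] = ops
    return findings

# Constructed sample inventory (file names and security strings are made up).
INVENTORY = {
    "$DATA.PAYROLL.MASTER": "OOOO",
    "$DATA.PUBLIC.NOTICE": "NUNU",
    "$SYSTEM.SECURE.KEYS": "----",
    "$DATA.SHARED.REPORT": "NGNO",
}

if __name__ == "__main__":
    for name, ops in exposed_by_shared_password(INVENTORY).items():
        print(f"{name}: {', '.join(ops)} reachable only when super ID passwords match")
```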