H06.06 Software Installation and Upgrade Guide

Overview of Installing the H06.06 RVU
H06.06 Software Installation and Upgrade Guide, 542652-002, page 1-36
Safeguard
Encryption
If PASSWORD-ALGORITHM is DES or PASSWORD-ENCRYPT is OFF, the password
(DES-encrypted or in clear text, respectively) is written to both the existing L/USERID
and the new L/USERAX files. This approach allows for direct fallback to prior versions
of Safeguard and Standard Security.
If you choose to enable the new HMAC256 encryption option, each subsequently
changed password is encrypted using HMAC with the SHA256 algorithm and stored in
L/USERAX. Because earlier versions of the security products do not understand
HMAC, fallback requires extra steps. For additional information, see Fallback in a
Safeguard Environment on page 1-37 and Fallback With Standard Security (Safeguard
Not Installed) on page 1-37. To assist fallback after PASSWORD-ALGORITHM is set to
HMAC256, the DES or clear text version of each preexisting password is retained in
L/USERID. When users change their password, the old password in L/USERID is
marked as expired as of that date. For a new user added to the system after the
algorithm is changed to HMAC256, the password in the L/USERID file is deleted.
Migration in a Safeguard Environment
Follow these migration steps:
1. Use VPROC to determine the current versions of:
   OSMP
   OSMON
   SAFEART
   SAFECOM
2. Back up current Safeguard files ($*.SAFE.* and $SYSTEM.SYSTEM.USERID).
3. Use SAFECOM to build an OBEY file to save the current policy. To create an
OBEY file, do the following in SAFECOM:
   TACL> safecom/out $system.safe.safevalu
   =display as commands on
   =info safeguard, detail
The output from these commands is retained in a file named SAFEVALU located in
$SYSTEM.SAFE.
4. Once the new Safeguard version is installed, run the OBEY file, SAFEVALU,
created in step 3 in SAFECOM.
If you do not follow the preceding migration steps, use SAFECOM after the new
version is installed to modify any attributes whose new default values you do not
want to accept.
For more details, see Chapter 10 of the Safeguard Administrator's Manual.
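
A post-upgrade check for the migration steps above, as an added example that is not part of the original guide: it compares the SAFEVALU capture from step 3 with a second capture taken the same way after the new version is installed, and lists every attribute whose value differs so that you can decide which new defaults to accept. The ALTER SAFEGUARD layout with & continuation lines, the EXAMPLE-* attribute names, and all sample values are assumptions constructed for illustration; both captures are assumed to have been copied off the system as plain text.

```python
import re

# Constructed sample captures, not real SAFECOM output. PASSWORD-ALGORITHM and
# PASSWORD-ENCRYPT are named on this page; the EXAMPLE-* attributes, the values
# and the command layout are assumptions made for this example.
BEFORE = """\
ALTER SAFEGUARD , &
  PASSWORD-ALGORITHM DES , &
  PASSWORD-ENCRYPT ON , &
  EXAMPLE-TIMEOUT 60 SECONDS
"""
AFTER = """\
ALTER SAFEGUARD , &
  PASSWORD-ALGORITHM DES , &
  PASSWORD-ENCRYPT ON , &
  EXAMPLE-TIMEOUT 30 SECONDS , &
  EXAMPLE-NEW-ATTRIBUTE OFF
"""

ALTER_RE = re.compile(r"ALTER\s+SAFEGUARD\s*,?\s*(.*)", re.IGNORECASE)

def parse_policy(text):
    """Return {ATTRIBUTE: value} parsed from ALTER SAFEGUARD command text."""
    # Join '&' continuation lines so each command sits on one logical line.
    joined = re.sub(r"&[ \t]*\n", " ", text)
    attrs = {}
    for line in joined.splitlines():
        match = ALTER_RE.match(line.strip())
        if not match:
            continue  # ignore banners, prompts and blank lines
        # Assumes values contain no commas (no parenthesised lists).
        for item in match.group(1).split(","):
            parts = item.split(None, 1)
            if parts:
                value = parts[1].strip() if len(parts) > 1 else ""
                attrs[parts[0].upper()] = value
    return attrs

def diff_policy(before, after):
    """List (attribute, saved_value, current_value) for every difference."""
    old, new = parse_policy(before), parse_policy(after)
    return [(name, old.get(name), new.get(name))
            for name in sorted(old.keys() | new.keys())
            if old.get(name) != new.get(name)]

if __name__ == "__main__":
    for name, saved, current in diff_policy(BEFORE, AFTER):
        print(f"{name}: saved={saved!r} current={current!r}")
```

A saved value of None marks an attribute that did not exist in the earlier capture, which is where a new default is most likely to go unnoticed.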