Manualshelf

H06.09 Software Installation and Upgrade Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop Release and Migration
61626364656667686970
H06.09 Installation, Migration, and Fallback
Considerations
H06.09 Software Installation and Upgrade Guide544316-002
2-18
Migration in a Safeguard Environment
Migration in a Safeguard Environment
The following procedure is intended to handle any unexpected failures that might occur
during Safeguard migration. The procedure preserves the user/password database,
which is necessary to restore the original system user/alias database.
1. Use VPROC to determine the current versions of:
OSMP
OSMON
SAFEART
SAFECOM
2. Back up current Safeguard files ($*.SAFE.*, $SYSTEM.SYSTEM.USERID, and
$SYSTEM.SYSTEM.USERAX).
3. Use SAFECOM to build an OBEY file to save the current policy. To create an
OBEY file, do the following in SAFECOM:
TACL> safecom/out $system.safe.safevalu
=display as commands on
=info safeguard, detail
The output from these commands is retained in a file named SAFEVALU located in
$SYSTEM.SAFE.
4. Once the new Safeguard version is installed, run the OBEY file, SAFEVALU,
created in step 3 in SAFECOM.
If you do not follow the preceding migration steps and you do not want to accept the
new default values, then after the new version is installed, use SAFECOM to modify
the appropriate attributes.
For more details, see Chapter 10 of the Safeguard Administrator's Manual.
Fallback in a Safeguard Environment
Because of the new password encryption algorithm, fallback requires advance
planning.
In all cases, fall back to the previous version of security software.
If PASSWORD-ENCRYPT is OFF or PASSWORD-ALGORITHM is set to DES, no
extra fallback steps are required.
If PASSWORD-ENCRYPT is HMAC256, extra fallback steps are required. When users
first change their password after HMAC256 is enabled, they must remember their
immediate previous password. This is especially important for the system
administrator. After installing the previous version of Safeguard and Standard Security:
1. Before starting Safeguard, the system administrator must log on with the old super
ID password. The old password is the one used before the algorithm was changed
to HMAC256.