Expand Configuration and Management Manual (G06.24+)

Managing the Network
Expand Configuration and Management Manual 523347-008
NET.WEST is established at each node of the subnetwork, and a password scheme
like the one used in the previous example allows certain users to log on as NET.WEST.
Subnetworks implemented in this manner can overlap or include one another.
\CHICAGO might be accessible from \NEWYORK by logging on as NET.EAST, and
from \PHOENIX by logging on as NET.MIDWEST. Similarly, each system in the
network might have a user called NET.GLOBAL, who is allowed to access every other
node.
Remote Super ID User
On a single system, a super ID user can access any file. On a network, the capabilities
of the super ID can be local, global, or somewhere in between, as follows:

• To make the super ID exclusively a local super ID user, do not issue
  REMOTEPASSWORD commands for the super ID at any node.
• To make the super ID a global super ID, issue REMOTEPASSWORD commands
  (as described in Global Remote Passwords on page 19-10) at every node, and
  give every super ID the same password.
  In this case, if a disk file is secured A, G, O, or -, a remote super ID user can still
  gain access to the file by running the TACL program on that system and logging on
  as the local super ID.
• To make the super ID capabilities somewhere between a local and global super ID
  user, issue REMOTEPASSWORD commands (as defined in “Global Passwords”)
  at every node, but give each super ID a distinct password.
  Thus, any disk file can be protected from remote access by giving it A, G, O, or -
  security. (The remote super ID can then access files secured N, C, or U.) A remote
  super ID cannot log on as a local super ID user because the password for the local
  super ID is unknown.
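
The three super ID configurations above can be compared with a small model. This is an added example, not code from the manual: it assumes the four security characters apply to read, write, execute, and purge in that order, treats "same password" as the remote user knowing the local super ID password, and uses constructed file names, password labels, and the node \DALLAS.

```python
from dataclasses import dataclass

REMOTE_OK = set("NCU")    # manual: a remote super ID can access files secured N, C, or U
LOCAL_ONLY = set("AGO-")  # manual: A, G, O, or - protects a file from remote access
OPS = ("read", "write", "execute", "purge")  # assumed order of the four security characters

@dataclass(frozen=True)
class Node:
    name: str
    super_remote_pw: bool  # were REMOTEPASSWORD commands issued for the super ID here?
    super_logon_pw: str    # constructed label standing in for the local super ID password

def super_id_reach(origin: Node, target: Node, security: str) -> dict:
    """How the super ID at `origin` can reach a file on `target`, per operation."""
    if len(security) != 4 or not set(security) <= REMOTE_OK | LOCAL_ONLY:
        raise ValueError(f"bad security string: {security!r}")
    if not (origin.super_remote_pw and target.super_remote_pw):
        return {op: "denied" for op in OPS}  # exclusively local super ID
    # Simplification: the target's super ID password is known only when it is shared.
    can_relogon = origin.super_logon_pw == target.super_logon_pw
    result = {}
    for op, ch in zip(OPS, security):
        if ch in REMOTE_OK:
            result[op] = "direct"
        elif can_relogon:
            result[op] = "via-local-logon"  # run TACL on target, log on as local super ID
        else:
            result[op] = "denied"
    return result

def audit(origin: Node, target: Node, files: dict) -> dict:
    """Return {file: reach} for files the remote super ID can touch in any way."""
    out = {}
    for name, sec in files.items():
        reach = super_id_reach(origin, target, sec)
        if any(v != "denied" for v in reach.values()):
            out[name] = reach
    return out

# Constructed sample data: file names, security strings, and password labels.
FILES = {"$DATA.PAYROLL.MASTER": "OOOO", "$DATA.PUBLIC.README": "NUNU",
         "$SYSTEM.SYS.CONF": "----"}
NEWYORK = Node("\\NEWYORK", True, "pw-shared")
CHICAGO = Node("\\CHICAGO", True, "pw-shared")    # global: same super ID password
PHOENIX = Node("\\PHOENIX", True, "pw-phoenix")   # in between: distinct password
DALLAS = Node("\\DALLAS", False, "pw-dallas")     # local only: no REMOTEPASSWORD

if __name__ == "__main__":
    for tgt in (CHICAGO, PHOENIX, DALLAS):
        print(tgt.name, audit(NEWYORK, tgt, FILES))
```

With a shared password every file on the target is reachable regardless of its security string; with distinct passwords only the files secured N, C, or U remain exposed.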
Additional Security Techniques
The Safeguard security system extends the security offered by the NonStop™ Kernel.
Safeguard does not need to be installed on every system on the network and can be
controlled by a single system. Safeguard adds the following features:
• User aliases
• File-sharing groups
• Multiple group membership for users and user aliases
• Further user authentication controls, such as expiration dates, temporary
  suspension, and forced password-change intervals
• Authorization of access to all objects, including files, devices, named processes,
  and disks, using access control lists