G06.29 Release Version Update Compendium
Manageability Products
G06.29 Release Version Update Compendium—542946-001
To assist fallback after PASSWORD-ALGORITHM is set to HMAC256, the DES or
clear-text version of each preexisting password is retained in L/USERID. When you
change your password, the old password in L/USERID is marked as expired as of that
date. For a new user added to the system after the algorithm is changed to HMAC256,
the password in the L/USERID file is no longer retained.
Safeguard Support for OSS ACLs
The G07 version of Safeguard and the G06 version of Standard Security support the
OSS access control lists (ACLs):
• The new Safeguard security group, SECURITY-OSS-ADMINISTRATOR, like the
  SECURITY-ADMINISTRATOR and the SYSTEM-OPERATOR security groups, is
  managed through the SAFECOM and SPI commands. Members of the
  SECURITY-OSS-ADMINISTRATOR security group have additional OSS security
  management privileges over regular users, including the ability to change the
  ownership and permissions of OSS files and directories. This group does not exist
  until it is added to the Safeguard database.
• Use the new Safeguard configuration attribute, AUDIT-CLIENT-OSS, to determine
  whether OSS audit records are written to the Safeguard audit trail. This new
  attribute allows you to configure the auditing of OSS-related operations
  independently of the existing AUDIT-CLIENT-SERVICE attribute, which currently
  controls auditing for OSS and all other subsystem clients. A synonym,
  AUDIT-CLIENT-GUARDIAN, is also created for the existing AUDIT-CLIENT-SERVICE
  attribute and is used in all SAFECOM and SAFEART display outputs.
Migration in a Safeguard Environment
Follow these migration steps:
1. Use VPROC to determine the current versions of:
   • OSMP
   • OSMON
   • SAFEART
   • SAFECOM
2. Back up current Safeguard files ($*.SAFE.* and $SYSTEM.SYSTEM.USERID).
3. Use SAFECOM to build an OBEY file to save the current policy. To create an
OBEY file, perform these steps in SAFECOM:
TACL> safecom/out $system.safe.safevalu/
=display as commands on
=info safeguard, detail
The output from these commands is retained in a file named SAFEVALU located at
$SYSTEM.SAFE.