G06.30 Software Installation and Upgrade Guide (543764-002)

Overview of Installing G06.30
Password Enhancements and OSS ACL Support
If you enable the new HMAC256 encryption option, each subsequently changed
password is encrypted using HMAC with the SHA256 algorithm and stored in
L/USERAX. Because earlier versions of the security products do not understand
HMAC, fallback requires extra steps. For additional information, see Fallback
Considerations for Password Encryption on page 1-44 and Fallback With Standard
Security (Safeguard Not Installed) on page 1-45. To assist fallback after
PASSWORD-ALGORITHM is set to HMAC256, the DES or clear-text version of each
preexisting password is retained in L/USERID. When users change their password,
the old password in L/USERID is marked as expired as of that date. For a new user
added to the system after the algorithm is changed to HMAC256, the password in the
L/USERID file is deleted.
Support for OSS Access Control List
The G07 version of Safeguard and the G06 version of Standard Security are enhanced
to support the OSS Access Control List (ACL) feature. A new security group,
SECURITY-OSS-ADMINISTRATOR, and a new Safeguard configuration attribute,
AUDIT-CLIENT-OSS, are provided to support this feature.
Migration Considerations
Follow these migration steps:
1. Use VPROC to determine the current versions of:
   - OSMP
   - OSMON
   - SAFEART
   - SAFECOM
2. Back up current Safeguard files ($*.SAFE.* and $SYSTEM.SYSTEM.USERID).
3. Use SAFECOM to build an OBEY file to save the current policy. To create an
OBEY file, enter these SAFECOM commands:
   TACL> safecom /out $system.safe.safevalu/
   =display as commands on
   =info safeguard, detail
The output from these commands is retained in a file named SAFEVALU located in
$SYSTEM.SAFE.
4. Once the new Safeguard version is installed, start SAFECOM and run the OBEY
file SAFEVALU that you created in step 3.
Note. When migrating to the enhanced password feature, if you do not follow the preceding
migration steps or if you do not want to accept the new password configuration default values,
use SAFECOM to modify the appropriate attributes after the new version is installed.