Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
What’s New in This Manual
Safeguard Administrator’s Manual—523317-013
viii
Changes to the H06.08 Manual
Changes to the H06.08 Manual
•
Added the new Safeguard attributes, PASSWORD-COMPATIBILITY-MODE, and
PASSWORD-MAXIMUM-LENGTH on page 2-2 and page 9-2.
•
Updated to address the OSS ACLs features for H-series support:
°
Managing Security Groups on page 6-1
°
Adding Security Groups on page 6-4
°
Transferring Security Group Ownership on page 6-5
°
Freezing and Thawing Security Groups on page 6-6
°
Deleting Security Groups and Group Members on page 6-7
°
AUDIT-CLIENT-GUARDIAN and AUDIT-CLIENT-OSS in Table 9-1 on page 9-3
°
Definition of AUDIT-CLIENT-GUARDIAN and AUDIT-CLIENT-OSS under
Configuring Client Auditing on page 9-18
°
Common Syntax Elements on page A-2
•
Added the description for PASSWORD-COMPATIBILITY-MODE on page 9-5 and
PASSWORD-MAXIMUM-LENGTH on page 9-6.
Changes to the H06.07 Manual
•
Added support for the multiple owners feature under:
°
OWNER-LIST and TEXT-DESCRIPTION attributes on page 2-6
°
Examples of the SHOW USER command on page 2-12 that shows the
TEXT-DESCRIPTION and OWNER-LIST attributes
°
Examples of the INFO USER command on page 2-12 that shows the
TEXT-DESCRIPTION and BINARY-DESCRIPTION-LENGTH attributes
°
$SYSTEM.SYSTEM.USERAX and $SYSTEM.SAFE.LUSERAX on page 10-8
°
OWNER-LIST and TEXT-DESCRIPTION attributes on page A-15
•
Updated the example with the ALL and NONE values on page 9-13
Changes to the G06.29 Manual
•
Added the SECURITY-OSS-ADMINISTRATOR information under:
°
Managing Security Groups on page 6-1
°
Adding Security Groups on page 6-4
°
Transferring Security Group Ownership on page 6-5
°
Freezing and Thawing Security Groups on page 6-6