Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
Index
Safeguard Administrator’s Manual—523317-013
Index-4
O
Network users
aliases as 2-32
defined 2-26
establishing 2-29
granting access to objects 2-28
identifying 2-27
managing with SAFECOM
commands 2-27
managing with standard security 2-27
remote passwords for 2-28
O
Object database 10-1
OBJECTTYPE attributes 5-1
OBJECTTYPE auditing 5-6
OBJECTTYPE commands 5-3
OBJECTTYPE DEVICE 5-1
OBJECTTYPE DISKFILE 5-1
OBJECTTYPE OBJECTTYPE 5-1, 5-5
OBJECTTYPE PROCESS 5-1
OBJECTTYPE SUBDEVICE 5-1
OBJECTTYPE SUBPROCESS 5-1, 5-4
OBJECTTYPE SUBVOLUME 5-1
OBJECTTYPE USER 5-1, 5-4
OBJECTTYPE VOLUME 5-1
operations 6-1
OSIMAGE file 10-5, 10-6
OWNER attribute for user authentication
record 2-6
OWNER authority 6-6
Owner of user record
capabilities of 2-6
changing 2-15
OWNER-LIST attribute 2-6
P
PASSWORD 9-4, 9-6
Password 9-6
changing at logon 7-2
Password 9-6 (continued)
changing with PASSWORD
program 2-19
compatibility mode 9-5
encryption 9-5
expiration 2-20, 9-6
expiration grace 2-22, 9-5
immediate expiration 2-22
maximum length 9-6
minimum length 9-5
permission to change 9-6
requiring periodic change 2-19
PASSWORD attribute 2-6
PASSWORD program 2-20
PASSWORD-ALGORITHM 9-4
PASSWORD-COMPATIBILITY-MODE 9-5
PASSWORD-EXPIRES attribute 2-6, 2-22
PASSWORD-EXPIRES date 2-20, 9-8
PASSWORD-EXPIRY-GRACE
attribute 2-6, 2-22, 9-6
PASSWORD-LOWERCASE-
REQUIRED 9-7
PASSWORD-MAXIMUM-LENGTH 9-6
PASSWORD-MAY-CHANGE attribute 2-20,
9-8
PASSWORD-MIN-QUALITY-
REQUIRED 9-7
PASSWORD-MUST-CHANGE
attribute 2-6
, 2-19
PASSWORD-NUMERIC-REQUIRED 9-7
PASSWORD-SPACES-ALLOWED 9-7
PASSWORD-SPECIALCHAR-
REQUIRED 9-7
PASSWORD-UPPERCASE-
REQUIRED 9-6
PIN considerations
for SAFECOM 10-3
for the SMP 10-3
Planning for security 1-3
Policy, security 1-2
Previous RVU, returning to 10-10
PRIMARY-GROUP attribute 2-10