Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
Controlling User Access
Safeguard Administrator’s Manual—523317-013
2-3
ALTER SAFEGUARD Command
•
1
Password uppercase required, specifies whether a user's password will be
enforced to have at least one uppercase character
(PASSWORD-UPPERCASE-REQUIRED)
•
1
Password lowercase required, specifies whether a user's password will be
enforced to have at least one lowercase character
(PASSWORD-LOWERCASE-REQUIRED)
•
1
Password numeric required, specifies whether a user's password will be enforced
to have at least one numeric character (PASSWORD-NUMERIC-REQUIRED)
•
1
Password special character required, specifies whether a user's password will be
enforced to have at least one special character (non-alphanumeric character
except comma, semicolon, and double quote)
(PASSWORD-SPECIALCHAR-REQUIRED)
•
1
Password spaces allowed, specifies whether a user's password will be allowed to
have embedded spaces (PASSWORD-SPACES-ALLOWED)
•
1
Password minimum quality required, specifies the minimum number of quality
criteria that have to be met when a password is set or changed
(PASSWORD-MIN-QUALITY-REQUIRED)
•
Maximum number of consecutive failed logon attempts allowed before the
Safeguard software freezes the user ID or causes a timeout
(AUTHENTICATE-MAXIMUM-ATTEMPTS)
•
Timeout period to occur after a user exceeds the maximum number of failed logon
attempts (AUTHENTICATE-FAIL-TIMEOUT)
•
Freezing the user ID after a user exceeds the maximum number of failed logon
attempts (AUTHENTICATE-FAIL-FREEZE)
•
Blind (nondisplayable) passwords during logon (BLINDLOGON)
•
Mandatory use of user names instead of numeric user IDs during logon
(NAMELOGON)
•
Mandatory use of password by privileged users (such as the super ID) when they
are logging on as another user (PASSWORD-REQUIRED)
•
Auditing of all logon attempts (AUDIT-AUTHENTICATE)
•
Auditing of all attempts to manage user authentication records (AUDIT-SUBJECT-
MANAGE)
•
Grace period during which an expired password can be changed
(PASSWORD-EXPIRY-GRACE)
•
Exclusive terminal access for a user logged on at a Safeguard terminal
(TERMINAL-EXCLUSIVE-ACCESS)
1. Supported only on systems running H06.09 and later H-series RVUs.