Security Management Guide (G06.24+, H06.03+)
Concerns for the System Administration Team
Security Management Guide—522283-008
volumes named $SYSTEM and $DATA, and you plan to remove CLERK.CHRIS from
the system, you can find Chris’s files by entering these commands:
1> DSAP $SYSTEM, USER CLERK.CHRIS, DETAIL
.
(output from DSAP)
.
2> DSAP $DATA, USER CLERK.CHRIS, DETAIL
.
(output from DSAP)
.
To find OSS files owned by a specific user, use the find / -user command.
Reusing the User Name or User ID
After you remove a user ID from the system, do not reuse it immediately, especially if
user IDs that have never been used are available. A new user might inherit a previous
user’s privileges if these items remain in the system:
• The old user ID as set up for network access, complete with matching remote
passwords
• Files owned by the previous user
• References to the old user ID in Safeguard access control lists
• References to the old user ID in automated procedures (such as TACL macros or
command files)
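One way to check for two of these leftovers from the OSS shell before reusing a name, as an added example that is not part of the guide. The function names and the directory argument are hypothetical, and the sketch covers only OSS file ownership and references in command files; it does not inspect Safeguard access control lists or remote passwords.

```shell
#!/bin/sh
# Added example: look for leftovers of a removed user before the name or ID is reused.
# Assumptions: POSIX/OSS shell; the directory arguments are chosen by the administrator.

# Print every file and directory under DIR still owned by OWNER.
# OWNER may be a user name or a numeric user ID; once the user has been
# removed the name may no longer resolve, so pass the numeric ID instead.
# Run with enough privilege to read the whole tree, or results are incomplete.
owned_files() {
    owner=$1; dir=$2
    find "$dir" -user "$owner" -print
}

# Print the names of files under DIR that mention NAME.
#   -F  fixed string, so the '.' in CLERK.CHRIS is literal, not "any character"
#   -i  ignore case, since a command file may spell the name in lower case
#   -l  print file names only; -s stays quiet about unreadable files
name_references() {
    name=$1; dir=$2
    find "$dir" -type f -exec grep -sliF -- "$name" {} +
}

# Succeed (status 0) only when neither check finds anything.
safe_to_reuse() {
    owner=$1; name=$2; dir=$3
    [ -z "$(owned_files "$owner" "$dir")" ] &&
        [ -z "$(name_references "$name" "$dir")" ]
}

# Typical use (hypothetical path and numeric ID):
#   safe_to_reuse 2060 CLERK.CHRIS /usr/local/ops || echo "leftovers found"
```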
Managing Passwords
A password prevents an intruder from using the system and allows the system to verify
that someone claiming to be a user is really that user. Password management
responsibilities, discussed in this subsection, include:
• Requiring strong passwords (forbidding blank passwords)
• Limiting the reuse of passwords
• Setting initial passwords
• Enforcing routine password changes
Password Length
The Guardian environment permits blank passwords, but intruders might be aware of
this situation and use them to log on.
A Safeguard configuration attribute can be used to forbid blank passwords. For
example:
3> SAFECOM ALTER SAFEGUARD, PASSWORD-MINIMUM-LENGTH 36