Security Management Guide (G06.24+, H06.03+)
Concerns for the System Administration Team
Security Management Guide—522283-008
Creating a Network User ID
The general procedure for creating a network user ID follows:
1. Establish identical user names and user IDs on all nodes to be accessed by the
network user.
2. Log on to each user ID on each node and establish both a local password (which
should be different for each node) and a set of remote passwords. For a given
user, all remote passwords designating a given node must be identical. For
example, all remote passwords that designate node \SYS1 must be identical, and
all remote passwords that designate node \SYS2 must be identical. However, the
remote passwords designating \SYS1 should differ from those designating \SYS2.
3. Instruct the user (or the owner of the application if the network user ID is strictly for
an application) to log on to each node and select a new password in accordance
with the password guidelines.
For more information about this operation, see the Safeguard Administrator’s Manual
and the Expand Network Management Guide.
The Safeguard software also supports the use of user aliases for network access, as
described in the Safeguard Reference Manual.
Managing the Network User IDs
Handling network user IDs requires careful planning and cooperation among (possibly)
geographically separated organizations. The Guardian environment requires that
network user IDs have the same user name and user ID on all affected nodes. This
condition requires advance networkwide planning.
You might reserve a range of group numbers (for example, 200 to 255) for network
user IDs, and assign network user IDs from these administrative groups. Then decide
on the networkwide names for those groups on an as-needed basis, maybe even
reserving a particular initial letter (such as N) for network groups. Also, you might
designate a particular organization to own each group name and group ID and make
that organization responsible for controlling the allocation of user IDs within its group.
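The networkwide rule above (same user name and user ID on every node, network IDs drawn from a reserved group range) can be audited mechanically. The following Python code is an added example, not part of this guide or of any NonStop or Safeguard tool; the inventory format, the sample users, and the choice of 200 to 255 and the N prefix as enforced policy are assumptions taken from the page's examples.

```python
from collections import defaultdict

# Assumptions taken from the page's examples, not a product default:
# group numbers 200-255 are reserved for network user IDs and
# network group names begin with "N".
NETWORK_GROUPS = range(200, 256)
NETWORK_PREFIX = "N"

# Constructed inventory: node -> {user name: user ID as "group,member"}.
INVENTORY = {
    r"\SYS1": {"NPAY.ALICE": "200,10", "NPAY.BOB": "200,11", "OPS.CAROL": "12,3"},
    r"\SYS2": {"NPAY.ALICE": "200,10", "NPAY.BOB": "200,12", "OPS.CAROL": "40,3"},
    r"\SYS3": {"NPAY.ALICE": "200,10", "NPAY.ERIN": "200,11", "PAY.DAVE": "201,1"},
}


def is_network_id(uid):
    """True when the group number of a "group,member" ID is in the reserved range."""
    return int(uid.split(",")[0]) in NETWORK_GROUPS


def audit(inventory):
    """Return sorted (finding, subject, detail) tuples for network user IDs."""
    ids_by_name = defaultdict(dict)   # user name -> {node: user ID}
    names_by_id = defaultdict(dict)   # user ID   -> {node: user name}
    for node, users in inventory.items():
        for name, uid in users.items():
            ids_by_name[name][node] = uid
            names_by_id[uid][node] = name

    findings = []
    for name, per_node in ids_by_name.items():
        if not any(is_network_id(uid) for uid in per_node.values()):
            continue  # purely local user: IDs may legitimately differ per node
        if len(set(per_node.values())) > 1:
            findings.append(("ID_MISMATCH", name, sorted(per_node.items())))
        if not name.startswith(NETWORK_PREFIX):
            findings.append(("PREFIX", name, sorted(per_node.items())))
    for uid, per_node in names_by_id.items():
        if is_network_id(uid) and len(set(per_node.values())) > 1:
            findings.append(("NAME_MISMATCH", uid, sorted(per_node.items())))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```

On the constructed data this reports NPAY.BOB (different user IDs on \SYS1 and \SYS2), user ID 200,11 (assigned to different names on \SYS1 and \SYS3), and PAY.DAVE (a reserved-range ID under a group name without the network prefix).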
Security Precautions
Treat a network user ID like a privileged ID because the network user has more access
than users confined to local nodes. If an intruder can access the ID, the intruder gains
access to virtually any N-secured file on the network, not just the N-secured files on the
nodes for which the user has matching remote passwords.