Security Management Guide (G06.29+, H06.08+, J06.03+)

Concerns for the System Administration Team
Security Management Guide 522283-021
Securing Network Access
A network user ID is duplicated on interconnected nodes and provided with remote
passwords. Network user IDs allow users to transfer or access information across the
network. Network user IDs also allow applications to provide similar access on behalf
of users. For example, the Transfer product (upon which the PS MAIL product is built)
uses a special network user ID to transfer information between nodes on behalf of
users, without requiring that the IDs be network user IDs.
Creating a Network User ID
The general procedure for creating a network user ID follows:
1. Establish identical user names and user IDs on all nodes to be accessed by the
network user.
2. Log on to each user ID on each node and establish both a local password (which
should be different for each node) and a set of remote passwords. For a given
user, all remote passwords designating a given node must be identical. For
example, all remote passwords that designate node \SYS1 must be identical, and
all remote passwords that designate node \SYS2 must be identical. However, the
remote passwords designating \SYS1 should differ from those designating \SYS2.
3. Instruct the user (or the owner of the application if the network user ID is strictly for
an application) to log on to each node and select a new password in accordance
with the password guidelines.
For more information about this operation, see the Safeguard Administrator’s Manual
and the Expand Network Management Guide.
The Safeguard software also supports the use of user aliases for network access, as
described in the Safeguard Reference Manual.
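
The password rules in step 2 form a small matrix (node where the password is set, by node it designates) that is easy to get wrong by hand. The following added example, which is not part of the guide or of any HP tool, checks a planned assignment against those rules; the function name, the plan layout and the sample values are assumptions, and the values are opaque references compared only for equality, not the passwords themselves.

```python
from collections import defaultdict

# Constructed sample plan for one network user ID on two nodes. Each value is
# an opaque reference (for example a vault entry name), never the secret.
PLAN = {
    r"\SYS1": {"local": "ref-a", "remote": {r"\SYS1": "ref-r1", r"\SYS2": "ref-r2"}},
    r"\SYS2": {"local": "ref-b", "remote": {r"\SYS1": "ref-r1", r"\SYS2": "ref-r2"}},
}


def check_plan(plan):
    """Return a sorted list of findings; an empty list means step 2 is satisfied."""
    findings = []

    # Rule: all remote passwords designating a given node must be identical.
    by_target = defaultdict(dict)  # designated node -> {node where set: value}
    for node, entry in plan.items():
        for target, value in entry.get("remote", {}).items():
            by_target[target][node] = value
    for target, seen in by_target.items():
        if len(set(seen.values())) > 1:
            where = ", ".join(sorted(seen))
            findings.append(f"MISMATCH remote password for {target} differs across {where}")

    # Rule: remote passwords designating different nodes should differ.
    targets_by_value = defaultdict(set)
    for target, seen in by_target.items():
        for value in seen.values():
            targets_by_value[value].add(target)
    for targets in targets_by_value.values():
        if len(targets) > 1:
            findings.append("REUSE one remote password designates " + ", ".join(sorted(targets)))

    # Rule: the local password should be different for each node.
    nodes_by_local = defaultdict(list)
    for node, entry in plan.items():
        nodes_by_local[entry["local"]].append(node)
    for nodes in nodes_by_local.values():
        if len(nodes) > 1:
            findings.append("REUSE one local password on " + ", ".join(sorted(nodes)))

    return sorted(findings)


if __name__ == "__main__":
    print(check_plan(PLAN) or "plan is consistent")
```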
Table 6-1. Sample Operator Access Requirements

Operation            Frequency     Access Needed
-------------------  ------------  ----------------------------------------------
Periodic backups     Routine       Read access to all files, physical access to
                                   backup tapes
File restores        As needed     Physical access to backup tapes, write access
                                   to volume and subvolume, purge access to the
                                   file
Spooler management   As needed     Super-group ID
Abort processes      Emergencies   Super-group ID
Manage user IDs      As needed     Security administrator