SNAX/APC Configuration and Management Manual
Planning for SNAX/APC
SNAX/APC Configuration and Management Manual—138787
SNAX/APC Security
When the SCF TPN definition of a server TP includes the SECURITYREQUIRED
attribute with the value USER, every remote client TP that will access that
server must be defined as follows:
• In SNAX/APC, the SCF PTNR-LU definition for the client TP must include the
  LOCAL-LU-SECURITY-ACCEPTANCE attribute with a value of either CONV or
  ALREADYVERIFIED.
• In Safeguard, a user ID and password must be defined for the client TP using the
  SAFECOM command ADD USER. Optionally, an alias may be defined using the
  SAFECOM command ADD ALIAS. Information about these SAFECOM
  commands is given in the Safeguard Reference Manual under User Security
  Commands and User Alias Security Commands.
The Security Server
The security server is a component of SNAX/APC. It is a separate process that
runs privileged so that it will not be suspended in the event of a
security validation failure. The security server functions as an intermediary between
SNAX/APC and the security manager: SNAX/APC passes validation requests to the
security server, and the security server issues the required procedure calls to the security
manager.
The security server is largely hidden from the SNAX/APC user. SNAX/APC starts
and stops the security server without any user
intervention. The interface between SNAX/APC and the security server is private to
Tandem and is not documented.
If SNAX/APC is started with the startup parameter SECURITYMANAGER
SAFEGUARD, the security server is started when SNAX/APC receives the first Attach
request that requires security manager services. Once started, the security server runs
until SNAX/APC is stopped.
Server Conversation-Level Security Configuration and Control
The SNAX/APC user controls conversation-level security for each server transaction
program by:
• Specifying Safeguard as the security manager using the SNAX/APC startup
  parameter, SECURITYMANAGER, when SNAX/APC is started. If None is
  specified or the SECURITYMANAGER parameter is not specified, the security
  server will not be started and security checking cannot be performed by the security
  manager.
• Selecting the type of security information the local SNAX/APC LU accepts from the
  remote LU. Using the SCF PTNR-LU attribute, LOCAL-LU-SECURITY-ACCEPTANCE,
  the choices are NONE, user ID and password (USER), or either a
  user ID and password pair or only a user ID with the already-verified indicator
  (ALREADYVERIFIED).
• Selecting the type of security tests that requests must pass to access a particular
  server TP. Using the SCF TPN attribute, SECURITYREQUIRED, the choices are
  NONE or user authentication (USER).
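
The three controls above only take effect together, so a configuration review can check them as a set. The following Python audit is an added example, not part of the manual or of SNAX/APC: it works on a constructed dictionary model (the layout, the LU and TP names, and the user IDs are assumptions, not SCF syntax) and treats CONV, USER and ALREADYVERIFIED, the acceptance values this page names, as accepting security information.

```python
# Added example: audit of a constructed model of the three settings above.
# The dict layout, LU/TP names and user IDs are assumptions, not SCF syntax.
ACCEPTING = {"CONV", "USER", "ALREADYVERIFIED"}  # acceptance values the page names

def audit(cfg):
    """Return findings for server TPs whose SECURITYREQUIRED USER cannot be met."""
    findings = []
    manager = (cfg.get("SECURITYMANAGER") or "NONE").upper()
    for tp_name, tp in sorted(cfg["tpns"].items()):
        if tp.get("SECURITYREQUIRED", "NONE").upper() != "USER":
            continue  # server TP does not ask for user authentication
        if manager != "SAFEGUARD":
            # Without SECURITYMANAGER SAFEGUARD the security server never starts.
            findings.append((tp_name, "SECURITYMANAGER", manager))
        for client in tp["clients"]:
            lu = cfg["ptnr_lus"].get(client["ptnr_lu"], {})
            accept = lu.get("LOCAL-LU-SECURITY-ACCEPTANCE", "NONE").upper()
            if accept not in ACCEPTING:
                findings.append((tp_name, "LOCAL-LU-SECURITY-ACCEPTANCE",
                                 f"{client['ptnr_lu']}={accept}"))
            # "SAFEGUARD-USER" is this example's own label, not an SCF attribute.
            if client["user"] not in cfg["safeguard_users"]:
                findings.append((tp_name, "SAFEGUARD-USER", client["user"]))
    return findings

# Constructed sample: one secured server TP, one open TP, two remote clients.
WEAK = {
    "SECURITYMANAGER": None,  # startup parameter omitted
    "safeguard_users": {"APPC.CLIENT1"},
    "ptnr_lus": {
        "LUA": {"LOCAL-LU-SECURITY-ACCEPTANCE": "ALREADYVERIFIED"},
        "LUB": {"LOCAL-LU-SECURITY-ACCEPTANCE": "NONE"},
    },
    "tpns": {
        "PAYROLL": {"SECURITYREQUIRED": "USER", "clients": [
            {"ptnr_lu": "LUA", "user": "APPC.CLIENT1"},
            {"ptnr_lu": "LUB", "user": "APPC.CLIENT2"}]},
        "ECHO": {"SECURITYREQUIRED": "NONE", "clients": []},
    },
}
# Corrected: manager named, LUB accepts security information, CLIENT2 defined.
FIXED = dict(WEAK, SECURITYMANAGER="SAFEGUARD",
             safeguard_users={"APPC.CLIENT1", "APPC.CLIENT2"},
             ptnr_lus={"LUA": WEAK["ptnr_lus"]["LUA"],
                       "LUB": {"LOCAL-LU-SECURITY-ACCEPTANCE": "CONV"}})

if __name__ == "__main__":
    for finding in audit(WEAK):
        print("FINDING", *finding)
    print("fixed config findings:", audit(FIXED))
```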