Administrator's Guide

to the owner of the executable file. For example, the cancel command is part of the
lp subsystem and runs as effective user lp.
When the setuid bit is set, the security mediation of that subsystem enforces the security
of all programs encompassed by the subsystem, not the entire system. Hence, the
subsystem's vulnerability to a breach of security is also limited to only those subsystem
files. Breaches cannot affect the programs under different subsystems. For example,
programs under lp do not affect those under daemon.
2.4.7 Secure Login with HP-UX Secure Shell
The HP-UX Secure Shell provides secure remote login, file transfer, and remote command
execution. All client-server communication is encrypted. Passwords going across the
network are never sent in clear text. For more information, see ssh(1) and Section 4.6.
2.4.8 Securing Passwords Stored in NIS
The Network Information Service (NIS) is part of the Network File System (NFS). NIS
enables configuration administration of several hosts from a central location, a master
server. Instead of having host configurations stored separately on each host, the
information is consolidated onto a central location. The /etc/passwd file is among
the several configuration files stored on the NIS server.
The /etc/shadow shadow password file is not supported on NIS.
See the NFS Services Administrator's Guide for information about NIS.
2.4.9 Securing Passwords Stored in LDAP Directory Server
LDAP-UX Client Services interoperates with PAM to authenticate passwords stored on an
LDAP directory server. The PAM_LDAP library provides the authentication service.
2.5 Defining System Security Attributes
Security attributes provide additional control of system configurations, adding security
enhancements to passwords, logins, and auditing.
There are more than 20 attributes. These attributes are described in security(4). The
categories of attributes are summarized as follows:
Login attributes
    These attributes control login activities, such as login times, number of
    logins allowed, and the number of login failures allowed before locking
    an account.
Password attributes
    These attributes control password activities, such as password length,
    number of characters and their types, history depth, number of days to
    change a password, and password expiration.
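
The login and password attributes summarized above can be checked mechanically. The following shell script is an added example, not part of this guide or of HP-UX: it audits a file of NAME=value lines in the format that security(4) documents (normally /etc/default/security) against a baseline. The attribute names come from security(4); the baseline limits, the function names, and the sample input are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit security(4)-style NAME=value attributes against a baseline.
# The baseline limits are illustrative assumptions, not vendor recommendations.
audit_security_attrs() {
    awk -F= '
    BEGIN {
        # rule[attr] = "category kind limit"
        #   min: value must be >= limit
        #   cap: value must be in 1..limit; this example treats 0 or a
        #        negative value as "no limit" and reports it as WEAK
        rule["AUTH_MAXTRIES"]            = "login cap 5"
        rule["NUMBER_OF_LOGINS_ALLOWED"] = "login cap 3"
        rule["MIN_PASSWORD_LENGTH"]      = "password min 8"
        rule["PASSWORD_HISTORY_DEPTH"]   = "password min 5"
        rule["PASSWORD_MAXDAYS"]         = "password cap 90"
    }
    /^[ \t]*#/ || NF < 2 { next }            # skip comments and non-assignments
    {
        name = $1; val = $2
        gsub(/[ \t]/, "", name); gsub(/[ \t\r]/, "", val)
        if (name in rule) seen[name] = val   # keep the last assignment seen
    }
    END {
        for (name in rule) {
            split(rule[name], r, " ")
            v = ((name in seen) ? seen[name] : "default")
            if (!(name in seen))                      status = "UNSET"
            else if (v !~ /^-?[0-9]+$/)               status = "INVALID"
            else if (r[2] == "min" && v + 0 < r[3] + 0) status = "WEAK"
            else if (r[2] == "cap" && (v + 0 < 1 || v + 0 > r[3] + 0)) status = "WEAK"
            else                                      status = "OK"
            printf "%s %s %s value=%s baseline=%s:%s\n", r[1], name, status, v, r[2], r[3]
        }
    }' "${1:--}" | sort
}

# Constructed sample input (not taken from a real host).
sample_config() {
    cat <<'EOF'
# login attributes
AUTH_MAXTRIES=0
NUMBER_OF_LOGINS_ALLOWED=2
# password attributes
MIN_PASSWORD_LENGTH=6
PASSWORD_HISTORY_DEPTH=10
EOF
}

sample_config | audit_security_attrs
```

An attribute reported as UNSET falls back to the system default, so look that default up in security(4) before treating the finding as acceptable.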
46 Administering User and System Security