HP-UX Role-Based Access Control B.11.31.04 Release Notes




HP Part Number: 5992-0628
Published: June 2007
Edition: E028

Copyright 2001-2007 Hewlett-Packard Development Company L.P.

Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Table of Contents

HP-UX Role-Based Access Control B.11.31.04
    HP-UX RBAC Overview
    HP-UX RBAC Features
    HP-UX RBAC Documentation
    HP-UX RBAC Manpages
1 New in HP-UX RBAC B.11.31.04
    Compatibility Information and Installation Requirements
2 Acquiring and Installing HP-UX RBAC
    Acquiring HP-UX RBAC
    Installing HP-UX RBAC
3 Known Problems in HP-UX RBAC B.11.31.04

List of Tables

1 HP-UX RBAC manpages

HP-UX Role-Based Access Control B.11.31.04

The information in this document is for HP-UX Role-Based Access Control (RBAC) version B.11.31.04 only.

HP-UX RBAC Overview

HP-UX RBAC is an alternative to the traditional all-or-nothing root user model, which grants permissions to the root user for all operations, and denies permissions to non-root users for certain operations. HP-UX RBAC allows you to distribute administrative responsibilities by creating roles with appropriate authorizations and assigning them to non-root users and groups.

HP-UX RBAC includes the following main components:

- Privilege shells (privsh, privksh, and privcsh) that automatically invoke the access control subsystem to run commands with privileges when appropriate.
- RBAC System Management Homepage (SMH) integration to allow the graphical management of the RBAC databases through a Web interface.
- The privrun wrapper command that allows authorized users and groups to run existing legacy applications with varying levels of privileges without modifying the application.
- The privedit command that allows authorized users and groups to edit files they normally would not be able to edit because of file permissions or Access Control Lists.
- Customizable Access Control Policy Switch (ACPS) that determines whether a subject is authorized to perform an operation on an object.
- Access Control Policy Module (ACPM) to evaluate HP-UX RBAC databases and service access control requests.
- Management commands to edit and validate HP-UX RBAC database files.

HP-UX RBAC Features

HP-UX RBAC offers the following features:

- Integrates with the Fine-Grained Privileges and Compartments components of the HP-UX 11i Security Containment features.
- Integrates with HP-UX audit system to produce a single, unified audit trail.
- Pluggable architecture for customizing access control decisions and integrating existing access control policy information.
- Pre-defined configuration files to facilitate quick and easy deployment.
- Flexible re-authentication ability via PAM to allow restrictions on a per command basis.
- Fully supported HP product.

NOTE: The recently released HP-UX Identity Management Integration A.01.00 feature allows you to manage HP-UX RBAC operations using the HP OpenView Select Access Policy Builder GUI. To learn more about the HP-UX Identity Management Integration feature, select HP-UX Identity Management Integration on Software Depot: http://www.software.hp.com

HP-UX RBAC Documentation

Use the following documents in conjunction with each other when using HP-UX RBAC B.11.31.04:

- HP-UX RBAC B.11.31.04 Release Notes
- HP-UX System Administrator's Guide (volume 4): Security Management

These documents are located at: http://docs.hp.com

HP-UX RBAC Manpages

Table 1 lists and briefly describes the HP-UX RBAC manpages, which are installed with the product at /usr/share/man/<man_section#>.z:

Table 1 HP-UX RBAC manpages

Manpage           Description
rbac(5)           Describes the HP-UX RBAC feature.
acps(3)           Describes the ACPS and its interfaces.
acps.conf(4)      Describes the ACPS configuration file and its syntax.
acps_api(3)       Describes the ACPS Application Programming Interface.
privrun(1m)       Describes the ACPS Service Provider Interface.
privedit(1m)      Describes privedit functionality and syntax.
roleadm(1m)       Describes roleadm functionality and syntax.
authadm(1m)       Describes authadm functionality and syntax.
cmdprivadm(1m)    Describes cmdprivadm functionality and syntax.
rbacdbchk(1m)     Describes rbacdbchk functionality and syntax.
privsh(5m)        Overview of various privileged system shells.

1 New in HP-UX RBAC B.11.31.04

HP-UX RBAC B.11.31.04 delivers the following new content:

- The introduction of a set of privilege shells, allowing a non-root user to automatically invoke privrun when needed by simply configuring a privilege shell as their default shell.
- Integration with HP System Management Homepage (SMH), allowing for the management of local RBAC roles, authorizations, and commands through the Web interface of SMH Version 2.2 and higher.
- Integration of access control logic directly into select commands, including passwd(1) and userdbset(1m). This allows an administrator to assign capabilities in a much more granular fashion.

Compatibility Information and Installation Requirements

The minimum requirements to install and run HP-UX RBAC B.11.31.04 are as follows:

Hardware Requirements:
- HP 9000 Computers
- HP Integrity Servers

Disk Space Requirements:
- 560 KB on HP 9000 Computers
- 900 KB on HP Integrity Servers

Operating System Requirements:
- HP-UX 11i v3

Patch Requirements:
- PHCO_36479-11.31 rbac cumulative patch
- PHCO_36480-11.31 userdb cumulative patch
- PHCO_36481-11.31 passwd(1) cumulative patch
- PHCO_36482-11.31 libpam_unix cumulative patch

Availability in Native Languages:
- HP-UX RBAC B.11.31.04 is currently available in English only

2 Acquiring and Installing HP-UX RBAC

HP-UX RBAC is available free of charge from Software Depot: http://www.software.hp.com

Acquiring HP-UX RBAC

To acquire HP-UX RBAC, you must complete the following steps:

1. Go to Software Depot: http://www.software.hp.com.
2. Search for HP-UX RBAC (keyword RBAC) and read the information on the HP-UX RBAC release page.
3. Select Receive for Free >> at the bottom of the page.
4. Enter your registration information.
5. Review and accept the Warranty and Terms and Conditions statements.
6. Select Download at the bottom of the page and save the HP-UX RBAC depot as a local file on your system, for example, in /tmp/rbac-depotname.depot.
7. Use the following command to verify that the depot file is on your system:

    # swlist -d @ /tmp/<rbac-depotname>.depot

   If the HP-UX RBAC depot is on your system, you will see the following message after running the command:

    AccessControl B.11.31.04 HP-UX Role-Based Access Control Infrastructure

NOTE: The depot filename in the previous steps is for example only. The exact HP-UX RBAC depot filename and location may vary.

Installing HP-UX RBAC

To install HP-UX RBAC on your HP-UX 11i v3 systems, you must complete the following steps. You do not need to reboot the system to install HP-UX RBAC.

IMPORTANT: Installing HP-UX RBAC B.11.31.04 with the PHCO_36479 RBAC cumulative patch will overwrite the existing HP-UX RBAC database files only if the database files have not been modified.

1. Review Compatibility Information and Installation Requirements.
2. Download HP-UX RBAC as described in Acquiring HP-UX RBAC.
3. Log on to your system as the root user.
4. Install HP-UX RBAC using the following command:

    # swinstall -s /tmp/<rbac-depotname>.depot AccessControl

   The name and location of the HP-UX RBAC depot above is for example only; the actual name and location may vary.
5. Verify the installation using the swverify AccessControl command.

If HP-UX RBAC installed correctly on the system, the swverify command output includes the following text:

    * Verification succeeded

HP-UX RBAC installs in /usr/bin/ and /usr/sbin/. The swinstall tool displays an error message if the installation fails. Check /var/opt/adm/sw/swagent.log for information if the installation failed.
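The depot and patch checks in the procedure above can be scripted. The following is an added example, not part of the HP release notes: two shell functions that read a software listing on standard input and check it for the AccessControl B.11.31.04 product line and for the four patches named under Patch Requirements. The sample listings are constructed, and the swlist -l product invocation in the comments is an assumption about which listing shows the patches on your system.

```shell
#!/bin/sh
# Added example: checks for the acquire/install procedure above.
# Patch IDs and the AccessControl revision are taken from these release
# notes; the SAMPLE_* listings are constructed for illustration.

REQUIRED_PATCHES="PHCO_36479 PHCO_36480 PHCO_36481 PHCO_36482"

# Read a software listing on stdin and print every required patch ID that
# does not occur in it as a whole word (PHCO_364790 does not count).
missing_patches() {
    listing=$(cat)
    for p in $REQUIRED_PATCHES; do
        printf '%s\n' "$listing" |
            grep -Eq "(^|[^A-Za-z0-9_])${p}([^A-Za-z0-9_]|\$)" ||
            printf '%s\n' "$p"
    done
}

# Read a depot listing on stdin; succeed only if it contains the
# AccessControl product at exactly revision B.11.31.04.
depot_has_rbac() {
    awk '$1 == "AccessControl" && $2 == "B.11.31.04" { ok = 1 }
         END { exit !ok }'
}

# Constructed sample of an installed-software listing (PHCO_36481 absent).
SAMPLE_INSTALLED='  PHCO_36479  1.0  rbac cumulative patch
  PHCO_36480  1.0  userdb cumulative patch
  PHCO_36482  1.0  libpam_unix cumulative patch'

# Constructed sample of a depot listing, using the product line shown above.
SAMPLE_DEPOT='# Initializing...
  AccessControl  B.11.31.04  HP-UX Role-Based Access Control Infrastructure'

# On a real system, pipe the command output in instead, for example:
#   swlist -d @ /tmp/<rbac-depotname>.depot | depot_has_rbac
#   swlist -l product | missing_patches   (assumed listing level)
if printf '%s\n' "$SAMPLE_DEPOT" | depot_has_rbac; then
    echo "depot: AccessControl B.11.31.04 present"
else
    echo "depot: AccessControl B.11.31.04 NOT found"
fi
for p in $(printf '%s\n' "$SAMPLE_INSTALLED" | missing_patches); do
    echo "missing required patch: $p"
done
```
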

To remove (un-install) HP-UX RBAC B.11.31.04 from your HP-UX 11i v3 systems, you must complete the following steps:

1. Log on to your system as the root user.
2. Use the following command to remove HP-UX RBAC:

    # swremove AccessControl

3. Use the swlist RBACExt command to verify that HP-UX RBAC was removed from the system. If HP-UX RBAC was removed from the system, the swlist command will report the following:

    # swlist RBACExt
    # Initializing...
    Contacting target "<hostname>"...
    ERROR: Software "RBACExt" was not found on <hostname>.

3 Known Problems in HP-UX RBAC B.11.31.04

HP-UX RBAC B.11.31.04 contains no known problems.