cancel
Showing results for 
Search instead for 
Did you mean: 

Security

admin1979
Super Advisor

Security


Hi,

We have a NIS Master server running Alpha Digital UNIX V4.0D.

Now sure if it is enabled with Enhanced security though as its just 4.0D.

Few concerns for security are,

1> Any user can get the encrypted password information just by doing ypcat passwd.
Can it be avoided? I have heard of enhanced security.

2> Any restrictions can be set w.r.t. hosts/subnet level access for NIS clients?

3> Any restrictions can be put up inorder to force users "change their passwords regularly ..password aging, keep complex passords ..restrict users from keeping simple passwords," etc.

4> There must be few tools which can be run to find out existing user accounts with simple passwords.


Please let me know if you require anymore information.

Thanx,
admin


6 REPLIES
Martin Moore
HPE Pro

Re: Security

Yes, enhanced security is what you need.

To see the current security level, do "rcmgr get SECURITY". If it returns ENHANCED, you're running enhanced security. If it returns BASE or nothing, you're running base security.

To set up enhanced security, I suggest you start with the security manual. The V4.0F version is the oldest one still on line that I can see, but it should be close enough to V4.0D to be useful. It's at http://www.tru64unix.compaq.com/docs/base_doc/DOCUMENTATION/V40F_HTML/AQ0R2ETE/TITLE.HTM . See chapters 6-7 for info in enhanced security features and how to set it up. For specifics on the interaction of NIS with enhanced security, see section 9.3.

Martin
I work for HP
A quick resolution to technical issues for your HP Enterprise products is just a click away HP Support Center Knowledge-base
See Self Help Post for more details

admin1979
Super Advisor

Re: Security

The command did not return anything.

# rcmgr get SECURITY



Thats strange as , it says C2-Security is installed.

server1# setld -i | grep OSFC2SEC
OSFC2SEC425 installed C2-Security (System Administration)
OSFC2SEC505 Enhanced Security (System Administration)

.
Martin Moore
HPE Pro

Re: Security

That means that you have the subsets installed, but enhanced security has never been turned on. You have to explicitly enable it. In V4, this is done by running /usr/sbin/secsetup. (See the man page, or even better the Security manual I referenced before, for more details.)

I strongly suggest that you do not jump into this without careful planning. The interaction of NIS and enhanced security can be tricky.

Martin
I work for HP
A quick resolution to technical issues for your HP Enterprise products is just a click away HP Support Center Knowledge-base
See Self Help Post for more details

admin1979
Super Advisor

Re: Security

Hmm..i guessed so but I wonder why OSFC2SEC505 Enhanced Security(System Administration) is not showing INSTALLED then?

Martin Moore
HPE Pro

Re: Security

The subset with the 505 suffix is from V5.0A. V4.0D subsets end in 425. I'd guess that someone tried to install one or more subsets from the V5.0A CD, which of course won't work on a V4.0D system. So the subset failed to install, but the attempt left a record in the inventory, and now you see it listed but not "installed".

Martin
I work for HP
A quick resolution to technical issues for your HP Enterprise products is just a click away HP Support Center Knowledge-base
See Self Help Post for more details

admin1979
Super Advisor

Re: Security

Makes sense