Operating System - HP-UX
1834142 Members
2409 Online
110064 Solutions
New Discussion

Re: Announcing HP-UX Role-Based Access Control

 
Ron Luman_1
Occasional Advisor

Announcing HP-UX Role-Based Access Control

Hi Everyone,

Thought you might be interested to know that Role-Based Access Control (RBAC) technology is now available for HP-UX. You can download HP-UX RBAC free-of charge at http://software.hp.com .

HP-UX RBAC is an alternative to the traditional "all-or-nothing" root user model, which grants permissions to the root user for all operations, and denies permissions to non-root users for certain operations. In the traditional root user model, there is no easy way to constrain users once they have the root password, making individual accountability virtually impossible.

With HP-UX RBAC, you can distribute administrative responsibilities and produce a unified audit trail by configuring roles with appropriate authorizations, and then assigning the roles to non-root users.

The HP-UX RBAC feature offers some key advantages over other role-based access control solutions available today. For example:
* fully-supported HP product
* pre-defined configuration files specific to HP-UX
* flexible re-authentication via PAM
* plug-able architecture for customizing access control decisions

You can use the HP-UX RBAC Release Notes and the "Using HP-UX RBAC" white paper at the following url to help plan and deploy HP-UX RBAC:

http://docs.hp.com/en/internet.html#HP-UX%20Role-based%20Access%20Control


Best Regards,
The HP-UX RBAC Team
11 REPLIES 11
Patrick Wallek
Honored Contributor

Re: Announcing HP-UX Role-Based Access Control

I had heard that this was coming. It's good to know that it is finally here.

I'm going to have a look at the manuals and download the software and test and see what happens.

Thanks RBAC Team!
Biswajit Tripathy
Honored Contributor

Re: Announcing HP-UX Role-Based Access Control

One important point if you are using IPFilter system
firewall on your system (either for security or for
NAT).

Current version of IPFilter on HP-UX 11.23 does not
support HP-UX RBAC product. So, IPFilter will stop
monitoring network traffic once you install HP-UX
RBAC. The IPFilter support for HP-UX RBAC will
follow soon and will be announced at the IPFilter
download URL at:

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B9901AA

- Biswajit


:-)
Patrick Wallek
Honored Contributor

Re: Announcing HP-UX Role-Based Access Control

Any chance of RBAC being ported backwards to HP-UX 11.11?
Geoff Wild
Honored Contributor

Re: Announcing HP-UX Role-Based Access Control

While this is good - it is not great.

Looks like requirement is 11iv2 only - be nice to have on other versions as well as other OS'es (AIX, Solaris, Linux).

Until then, I'll have to stick with a 3rd party solution...

Just my 2 cents...

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Biswajit Tripathy
Honored Contributor

Re: Announcing HP-UX Role-Based Access Control

A clarification on IPFilter and HP-UX RBAC.

After talking to Ron Luman, I realised that I was
mistaken regarding the complete content of HP-UX
RBAC. So please ignore my previous post regading
IPFilter and HP-UX RBAC. Sorry about that. There is
no reason why current version of IPFilter should not
work fine with HP-UX RBAC.

- Biswajit
HP-UX IPFilter team

P.S Any idea how I can remove my own post?
:-)
Ron Luman_1
Occasional Advisor

Re: Announcing HP-UX Role-Based Access Control

Hi,

Thanks for the input.

Geoff: At this point, we're looking at allowing HP-UX RBAC to use a common access control decision point (e.g. LDAP) that other tools may also use. (For example: tools that support other OS's)

Patrick: We currently have no plans for 11iv1 (11.11) support. That said, I'll take your post as a vote for it :)

Cheers,

--Ron
Chris Vail
Honored Contributor

Re: Announcing HP-UX Role-Based Access Control

This sounds great, but its fairly useless to us unless you port it to other OS's and versions as well. We need it for Sun, IBM and Linux OS's or we really can't use it.
At the very minimum, port it back to 11.11. We have an LDAP project currently in the rumor stage, so it might be a couple of years before we can roll this out. Using something like RBAC would speed up this process dramatically.


Chris
TwoProc
Honored Contributor

Re: Announcing HP-UX Role-Based Access Control

Ron (above) - boy - I tell ya. When you speak to the sales guys about the PA-Risc products - they tell you that HP is going to *fully* support PA-RISC until the end of life - which it isn't even at yet. I guess that means LESS than it what it seems. Dissapointing.
We are the people our parents warned us about --Jimmy Buffett
Ron Luman_1
Occasional Advisor

Re: Announcing HP-UX Role-Based Access Control

Hi,

Just one additional clarification to my earlier post: HP-UX RBAC support is currently planned for 11iv2 and forward. (It will be delivered as part of the core OS with future releases.) Note that this includes the recent 11iv2 update 2 release with support for PA-RISC.

For those that are still on 11iv1 (aka 11.11), I'd encourage you to take a look at the RBAC capabilities of HP System Insight Manager (http://h18013.www1.hp.com/products/servers/management/hpsim/index.html). We also deliver the sudo utility as part of the HP Internet Express bundle (http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111).

Cheers,

--Ron
Yogeeraj_1
Honored Contributor

Re: Announcing HP-UX Role-Based Access Control

hi ron

i think many like me were thrilled to this post!

Unfortunately, many of us were disappointed that it is not available for 11.11.

...the link to HP Systems Insight Manager 4.2 - HP-UX 11i v1* is broken too! :(

regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
Yogeeraj_1
Honored Contributor

Re: Announcing HP-UX Role-Based Access Control

oops!
sorry Ron. I have been able to download the HP Systems Insight Manager - HP-UX. it works!

best regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)