HPE Community
Operating System - HP-UX
1824977 Members
4016 Online
109678 Solutions
New Discussion юеВ

Power Broker and Power password on Hp Unix

 
PVR
Valued Contributor

тАО12-18-2006 08:03 PM

тАО12-18-2006 08:03 PM

Power Broker and Power password on Hp Unix

Hi Champs !

Anybody using power broker and power password softwares from symark in HP Unix systems.

Can you tell me the advantages and disadvantages this setup ? I am currently using around 25 HP Unix 11i trusted systems.

Awaiting your precious replies.

Don't give up. Try till success...
0 Kudos
Reply
3 REPLIES 3
Peter Godron
Honored Contributor

тАО12-18-2006 08:10 PM

тАО12-18-2006 08:10 PM

Re: Power Broker and Power password on Hp Unix

Hi,
we don't run it here, but the following threads may help:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=239249
"Symark's Power Broker. It gives us the ability to control their access through a separate account but let them run oracle processes as needed. Or even in the worst case I can give them full access to oracle but record everything they do. The cool part is I can watch them live if I don't trust them. I highly recommend it if you have "outsiders" on your boxes regularly."

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=703060
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=792119

0 Kudos
Reply
John Guster
Trusted Contributor

тАО12-19-2006 05:26 AM

тАО12-19-2006 05:26 AM

Re: Power Broker and Power password on Hp Unix

advantages are higher and tighter security, each command is logged, one password database to keep for multiple systems.
"disadvantage": locked out from one system, then one is locked out from all systems, if the power password database is down, regular user can not access any system in a normal way, expensive for licenses.
0 Kudos
Reply
Jason Ray
Frequent Advisor

тАО12-19-2006 05:41 AM

тАО12-19-2006 05:41 AM

Re: Power Broker and Power password on Hp Unix

We don't user Power Password on our HP systems. We have it on Solaris, mostly to keep the auditors happy. Otherwise we definitely wouldn't because it hasn't really bought us much. But we rely on the fact that our firewall keeps unwanted users off the network and we don't need heightened security.

We do use Power Broker on our HP-UX (and every other unix) systems. I can say that I haven't used 'sudo' much but I like PB for its flexibility and its logging. The newer versions allow you to put users into PB shells at login time so that you can track every command they run. Its also very nice for giving software support admins the ability to start/stop their processes as root or view certain log files they need access to. You could do all of that with sudo and ACL's. However, because we run many of the Unix platforms, PB allows us to use the same config files and scripts everywhere. Sudo and ACL's behave a little differently depending on the OS and version while PB remains the same across the board (at least in our experience).
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.