Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX 11i Version 3 Release Notes: HP 9000 and HP Integrity Servers > Chapter 8 Security

HP-UX Standard Mode Security Extensions
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

spacerspacerspacer
spacer
spacer
  		 
 

The HP-UX Standard Mode Security Extensions product enhances the security of systems running in standard mode, by providing security features that were previously available only on systems that had been converted to trusted mode.

Summary of Change

What’s New for Customers Migrating from HP-UX 11i v1 September 2005?

The HP-UX Standard Mode Security Extensions product was previously unavailable on HP-UX 11i v1 as of the September 2005 release.

Several security features that were previously available only in trusted mode can now be used in standard mode, without converting to trusted mode. In addition, several security attributes can now be configured with a system-wide default or with a per-user value.

The following security features are now available in standard mode:

  • Auditing user and system activities.

  • Account locking after too many authentication failures.

  • Displaying the last successful and last unsuccessful login.

  • Preventing the re-use of passwords in the password history.

  • Preventing logins with a null password.

  • Restricting logins to specific time periods.

  • Expiring inactive accounts.

  • Reporting accounts that are locked.

  • Shadow passwords are now also supported with NIS.

These features are implemented by the following HP-UX changes:

  • The auditing system (commands and libraries).

  • The /etc/default/security file, described in security(4).

  • The /etc/shadow file, described in shadow(4).

  • The /etc/pam.conf configuration file, described in pam.conf(4).

  • The libsec and PAM libraries.

  • A new user database, described in userdb(4).

  • New commands: userdbget, userdbset, userdbck, userstat.

  • New user configuration tool, described in secweb(1M).

What’s New for Customers Migrating from HP-UX 11i v2 June 2006?

The HP-UX Standard Mode Security Extensions product is now part of the core OS.

New command: userstat.

New library functions: userdb_read(), userdb_write(), and userdb_delete(), described in userdb_read(3), userdb_write(3), and userdb_delete(3).

Shadow passwords are now also supported with NIS.

Impact

The HP-UX Standard Mode Security Extensions product provides new features that enhance system security. Each of the new security features is optionally configured. None of the new security features applies to systems running in trusted mode.

Compatibility

There are no known compatibility issues.

Performance

There are no known performance issues.

Documentation

For further information, refer to the following manpages: secweb(1M), useradd(1M), userdel(1M), usermod(1M), userstat(1M), userdbck(1M), userdbget(1M), userdbset(1M), pam_acct_mgmt(3), userdb_read(3), pam.conf(4), security(4), shadow(4), userdb(4), audit(5), pam_hpsec(5).

Obsolescence

As of HP-UX 11i v3, NIS+ is no longer supported. HP-UX 11i v3 will be the last release to support trusted systems functionality.



HP-UX Security Attributes Configuration (secweb)
  		 


Install-Time Security  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2006-2007 Hewlett-Packard Development Company, L.P.