Specifications
The ULTRIX Operating System, Version 4.5 SPD 26.40.32
and other suppliers of intelligent peripheral are able to
more easily write the necessary drivers and support
code for other third party devices.
OPEN SCSI CAM is not available on VAX ULTRIX systems.
ULTRIX RISC does not support the use of SCSI devices
on DECsystem 5800 systems.
System Administration Enhancements
• Graphical User Account Manager
• Integral bad block replacement for DSA/MSCP and
SCSI disks
• System diagnostics
• Error logging
• Streaming tape
• Remote backup
• Gateway Screen Facility
• Network installation for MicroVAX, VAXstation, and
RISC-based systems
• Magnetic tape facilities including labeled tape facility
for single-volume ANSI tape interchange between
ULTRIX and non-ULTRIX systems
• Line printer setup automation
• Documented error messages
• Support for up to 256 simultaneous users, available
through the use of user capacity upgrades
• Support for more than 64 file descriptors
Security Enhancements
The ULTRIX Operating System offers security features
designed to be compliant with the C2 security level as
specified by the Trusted Computing Security Evaluation
Criteria (Orange Book) and the Password Management
Guidelines (Green Book).
• Protection of the memory interface and terminals via
pre-assigned group identifiers.
• Trusted Path facility which allows users, logging into
a system via either LAT or a terminal multiplexer, to
ensure that no other process is running on that line.
• Administrator option to configure enhanced login and
password functionality, which includes a shadow
authentication database, configurable minimum password
length (up to 16 characters), password aging
and expiration.
• Security auditing subsystem and audit trail reduction
facility which tracks and records all the security
relevant actions occurring on the system along with
who performed the action. This includes an audstyle
(audit) option to control how much information is
included in audit records for execv(2) and execve(2)
events.
• Gateway packet screening. An ULTRIX system may
be used as a gateway (packet router) to connect several
IP networks. The Gateway packet screening
facility allows the system manager to control which
packets are forwarded, as one part of a comprehensive
network security policy. The facility consists of a
kernel-resident mechanism and a user-level daemon,
/usr/etc/screend. When a packet is ready to be forwarded,
the kernel mechanism submits the packet’s
headers to the daemon. The screend daemon examines
the headers and tells the kernel to forward
or reject the packet, based on a set of rules defined
in the configuration file, /etc/screend.conf. Optionally,
some or all decisions can be logged, allowing a
manager to detect improper configurations or potential
security problems.
For reasonable security and performance using screend,
Gateway packet screening should be used on a system
dedicated only to packet routing and related support
activities.
• Kerberos Authentication. Kerberos is a third-party
authentication service. The authentication of an
application X to another application Y depends upon
the trust both X and Y have in Kerberos. The
BIND/HESIOD daemon named has been enhanced to
optionally use Kerberos. ULTRIX also provides the
Kerberos V4 programming interface so that application
developers can use this service. ULTRIX does not
provide the routines to send encrypted (safe)
messages.
• Data Encryption/Decryption Facilities. The object
code distribution for the ULTRIX Operating System
includes no forms of encryption or decryption other
than one-way password encryption and the Kerberos
encryption algorithm. Data encryption/decryption
software is available as an option under a separate order
number. Refer to the SOFTWARE OPTIONS section
for ordering information.
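
The decision step described in the Gateway packet screening item above, as an added example that is not DEC's screend code and does not use the /etc/screend.conf syntax: a header-only, first-match check that returns forward or reject plus a log flag. The rule struct, `screen()`, the default-reject behaviour and the sample packet are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
enum verdict { REJECT = 0, FORWARD = 1 };
/* Hypothetical rule layout (an assumption); not the screend.conf syntax. */
struct rule { uint32_t src, src_mask, dst, dst_mask; /* host byte order */
              uint8_t proto; uint16_t dport;         /* 0 means "any" */
              enum verdict action; int log; };
static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Decide from the headers alone; the first matching rule wins. Malformed or
 * unmatched packets are rejected and logged (default deny, an assumption). */
enum verdict screen(const uint8_t *hdr, size_t len,
                    const struct rule *r, size_t n, int *logged) {
    *logged = 1;
    if (len < 20 || (hdr[0] >> 4) != 4) return REJECT;
    size_t ihl = (size_t)(hdr[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return REJECT;
    uint8_t proto = hdr[9];
    uint32_t src = be32(hdr + 12), dst = be32(hdr + 16);
    /* Only an unfragmented packet or a first fragment carries TCP/UDP ports. */
    int frag = (((hdr[6] & 0x1f) << 8) | hdr[7]) != 0;
    int has_ports = (proto == 6 || proto == 17) && !frag && len >= ihl + 4;
    uint16_t dport = has_ports ? (uint16_t)(hdr[ihl + 2] << 8 | hdr[ihl + 3]) : 0;
    for (size_t i = 0; i < n; i++) {
        if ((src & r[i].src_mask) != r[i].src) continue;
        if ((dst & r[i].dst_mask) != r[i].dst) continue;
        if (r[i].proto && r[i].proto != proto) continue;
        if (r[i].dport && (!has_ports || r[i].dport != dport)) continue;
        *logged = r[i].log;
        return r[i].action;
    }
    return REJECT;
}

/* Constructed sample: 192.0.2.10 -> 198.51.100.5, TCP, destination port 23. */
static const uint8_t SAMPLE[24] = {
    0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0, 192, 0, 2, 10, 198, 51, 100, 5,
    0x04, 0x00, 0x00, 0x17 };
static const struct rule RULES[] = {
    { 0xC0000200, 0xFFFFFF00, 0xC6336405, 0xFFFFFFFF, 6, 23, REJECT, 1 },
    { 0xC0000200, 0xFFFFFF00, 0, 0, 0, 0, FORWARD, 0 } };

int main(void) {
    int lg, fwd = screen(SAMPLE, sizeof SAMPLE, RULES, 2, &lg) == FORWARD;
    printf("%s log=%d\n", fwd ? "forward" : "reject", lg);
    return 0;
}
```

In this sketch a rule that names a port cannot match a non-first fragment, so such fragments are decided by the address-only rules that follow it.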
ULTRIX includes a set of intersystem facilities for
communication and networking of multiple systems.
• Asynchronous Lines
Dynamic reassignment of asynchronous lines allows
use of the same modems for dialing in and out of a
system without user intervention. Terminal drivers support
7-bit and 8-bit characters.
• Synchronous Lines