HP-UX Role-Based Access Control B.11.31.05.
© Copyright 2001, 2011 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.

Contents
1 HP-UX RBAC overview
    HP-UX RBAC features
2 Update recommendation
3 Supersedes
4 Fixes

1 HP-UX RBAC overview

HP-UX Role-Based Access Control (RBAC) is an alternative to the traditional “all-or-nothing” root user model that grants permissions to the root user for all operations, and denies permissions to non-root users for certain operations. HP-UX RBAC allows you to distribute administrative responsibilities by creating roles with appropriate authorizations and assigning them to non-root users and groups.

2 Update recommendation

Optional - Includes only optional enhancements, new features, software or hardware enablement, or minor bug fixes.

3 Supersedes

This version supersedes HP-UX RBAC B.11.31.05.

4 Fixes

HP-UX RBAC B.11.31.05.01 contains the following keystroke logging fixes and enhancements:
• Keystroke logging of ssh sessions is supported. HP-UX Secure Shell version A.05.80.004 or later must be installed.
• Keystroke logging of a full session is supported. For details, see key_filter(4) and keystroke(5).

5 Important information

HP-UX RBAC B.11.31.05.01 contains the following known limitations:
• Keystroke logging of ssh sessions is not supported for the case where both UsePAM and UseLogin are set to "yes" in sshd_config.
• Keystroke logging of rcmds sessions (such as remsh, rcp, rdist) is not supported.
• Keystroke logging of sftp sessions is not supported.
For more details on keystroke logging, see keystroke(5).

6 Acquiring and installing HP-UX RBAC

HP-UX RBAC is available from Software Depot: http://www.software.hp.com

Compatibility information and installation requirements

The minimum requirements to install and run HP-UX RBAC B.11.31.05.

IMPORTANT: Installing HP-UX RBAC B.11.31.05.01 with the PHCO_38583 RBAC cumulative patch overwrites the existing HP-UX RBAC database files only if the database files have not been modified.

1. Review “Compatibility information and installation requirements”.
2. Download HP-UX RBAC as described in “Acquiring HP-UX RBAC”.
3. Log in to your system as the root user.
4. To install HP-UX RBAC:

   # swinstall -s /tmp/RBAC-depotname.depot AccessControl

   Where RBAC-depotname is the name of the HP-UX RBAC depot.

IMPORTANT: Before removing HP-UX RBAC, remove or comment out any entries in /etc/pam.conf where module_type is set to session and module_path is set to libpam_keystroke.so.1. For details, see pam_keystroke(5) and pam.conf(4). If these entries are not removed or commented out, then users, including privileged users such as root, will not be permitted access to the system using the services specified in these entries, such as login, ftp, and sshd. To subsequently remove or comment out these /etc/pam.
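
A pre-removal check for the /etc/pam.conf entries named in the IMPORTANT note above, together with a check for the UsePAM/UseLogin limitation listed under "Important information". This is an added example, not part of HP's release notes or HP code. The function names and the sample pam.conf are constructed, and the first-occurrence rule for sshd_config keywords is an assumption carried over from OpenSSH.

```sh
#!/bin/sh
# Added example, not HP code. Audits the two files the release notes name.
# pam.conf fields: service module_type control_flag module_path [options]
KS_MATCH='$1 !~ /^#/ && $2 == "session" && $4 ~ "(^|/)libpam_keystroke[.]so[.]1$"'

# List active session entries that load libpam_keystroke.so.1 (bare name or
# full path) as "line-number: entry". Commented-out entries are skipped.
keystroke_pam_entries() {
    awk "$KS_MATCH"' { print NR ": " $0 }' "$@"
}

# Print the file with those entries commented out; other lines are unchanged.
comment_keystroke_pam() {
    awk "$KS_MATCH"' { print "#" $0; next } { print }' "$@"
}

# Exit 0 when sshd_config explicitly sets both UsePAM and UseLogin to yes, the
# combination for which ssh keystroke logging is not supported. Assumption:
# the first occurrence of a keyword wins (OpenSSH behaviour); built-in
# defaults and Match blocks are not evaluated.
sshd_keystroke_unsupported() {
    awk 'tolower($1) == "usepam"   && usepam == ""   { usepam = tolower($2) }
         tolower($1) == "uselogin" && uselogin == "" { uselogin = tolower($2) }
         END { exit !(usepam == "yes" && uselogin == "yes") }' "$@"
}

# Constructed sample pam.conf (control flags and paths are illustrative).
sample_pam_conf() {
    cat <<'EOF'
login  auth     required  libpam_unix.so.1
login  session  required  libpam_keystroke.so.1
sshd   session  required  /usr/lib/security/$ISA/libpam_keystroke.so.1
#ftp   session  required  libpam_keystroke.so.1
EOF
}

# Demo on the constructed sample: lists the entries on lines 2 and 3.
sample_pam_conf | keystroke_pam_entries
```

Each function reads the file given as its argument, or standard input when called without one. Write the output of comment_keystroke_pam to a new file and review it before replacing /etc/pam.conf.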

7 HP-UX RBAC manpages

Table 1 lists and briefly describes the HP-UX RBAC manpages, which are installed with the product at /usr/share/man/.Z:

Table 1 HP-UX RBAC manpages

Manpage         Description
rbac(5)         Describes the HP-UX RBAC feature.
acps(3)         Describes the ACPS and its interfaces.
acps.conf(4)    Describes the ACPS configuration file and its syntax.
acps_api(3)     Describes the ACPS Application Programming Interface.
privrun(1m)     Describes the ACPS Service Provider Interface.