Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Managing Trusted Passwords and System Access
Managing Trusted Passwords and System Access
The password is the most important individual user identification
symbol. With it, the system authenticates a user to allow access to the
system. Since they are vulnerable to compromise when used, stored, or
known, passwords must be kept secret at all times.
The first part of this section is similar to the section “Managing Standard
Passwords and System Access” on page 748, but with a Trusted System
point of view. The standard section also contains the following
information on protecting system access.
• “Eliminating Pseudo-Accounts and Protecting Key Subsystems” on page 750
• “System Access by Modem” on page 751
• “Protecting Programs from Illegal Execution” on page 752
Security Administrator’s Responsibilities
The security administrator and every user on the system must share
responsibility for password security. The security administrator
performs the following security tasks:
• Generates Authorization Numbers (temporary passwords) for new
users. To maintain password privacy, SAM generates an
Authorization Number for each new account. This number must be
used for first login. Once this number has been verified, the new user
is prompted for a new password.
• Maintains proper permissions on all system files, including the
standard password file /etc/passwd and the trusted database files
/tcb/files/auth/*.
• Establishes password aging.
• Manages password reuse.
• Deletes and/or nullifies expired passwords, user IDs and passwords
of users no longer eligible to access the system.
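One way to check the file-permission task in the list above, as an added example that is not part of the HP-UX guide. The function name audit_pw_perms and the policy it enforces (files owned by uid 0 and not writable by group or other) are assumptions, as is the per-user file layout one level below /tcb/files/auth.

```shell
#!/bin/sh
# Added example, not from the HP-UX guide.
# Assumed policy: password files belong to one trusted uid (0 on a real
# system) and carry no write bit for group or other.

# audit_pw_perms EXPECTED_UID PATH...
# Prints one finding per problem; returns 1 if anything was reported.
audit_pw_perms() {
    apw_uid=$1
    shift
    apw_rc=0
    for apw_f in "$@"; do
        # Skip globs that matched nothing and files that do not exist.
        [ -e "$apw_f" ] || continue
        # -n prints numeric ids, so the check does not rely on name lookup.
        apw_line=$(ls -ldn "$apw_f") || continue
        apw_mode=$(printf '%s\n' "$apw_line" | awk '{print $1}' | cut -c1-10)
        apw_own=$(printf '%s\n' "$apw_line" | awk '{print $3}')
        if [ "$apw_own" != "$apw_uid" ]; then
            echo "OWNER $apw_f uid=$apw_own"
            apw_rc=1
        fi
        # Characters 6 and 9 of the mode string are group and other write.
        apw_gw=$(printf '%s' "$apw_mode" | cut -c6)
        apw_ow=$(printf '%s' "$apw_mode" | cut -c9)
        if [ "$apw_gw" = w ] || [ "$apw_ow" = w ]; then
            echo "WRITABLE $apw_f mode=$apw_mode"
            apw_rc=1
        fi
    done
    return $apw_rc
}

# Run against the files named in the guide only when asked to.
# The */* pattern assumes per-user entries sit one directory down.
if [ "${1:-}" = "--system" ]; then
    audit_pw_perms 0 /etc/passwd /tcb/files/auth/* /tcb/files/auth/*/*
fi
```

Run it with `--system` as root on the host being audited; any output line names a file to review.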
User’s Responsibility
Every user must observe the following rules:
• Remember the password and keep it secret at all times.