HP-UX 11i Version 2 Release Notes (October 2003)

Security
Boot Authentication
Chapter 7
The Boot Authentication feature makes it possible to configure a system so that only
authorized users are allowed to boot the machine into Single-user Mode.
Summary of Change
Formerly, the Boot Authentication feature was only available on systems that have been
converted to Trusted Mode. Starting with HP-UX 11i v2, the feature is available on all
Standard Systems.
The Trusted Mode Boot Authentication feature remains unchanged. The Standard
Mode Boot Authentication feature is configured by two parameters in the
/etc/default/security file: BOOT_AUTH and BOOT_USERS. See the security(4)
manpage for more detailed information.
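The following check is an added example, not part of the release notes or HP's own tooling: a POSIX shell function that reads a security file and reports whether Standard Mode boot authentication is enabled and for which users. It assumes the security(4) semantics (BOOT_AUTH=1 enables the check, default 0; BOOT_USERS is a comma-separated list, default root) and that the last uncommented assignment wins; the function names and the sample file are constructed.

```shell
#!/bin/sh
# Added example: audit the BOOT_AUTH / BOOT_USERS settings.
# Assumptions: attribute=value lines, '#' starts a comment line,
# the last uncommented assignment wins, defaults as in security(4).

# get_attr FILE NAME DEFAULT
# Print the value of NAME from FILE, or DEFAULT if unset or FILE is missing.
get_attr() {
    val=$(awk -F= -v key="$2" '$1 == key { v = $2 } END { print v }' \
        "$1" 2>/dev/null) || val=
    echo "${val:-$3}"
}

# boot_auth_status FILE
# Prints the effective state; returns 0 if enabled, 1 if disabled,
# 2 if BOOT_AUTH holds a value other than 0 or 1.
boot_auth_status() {
    auth=$(get_attr "$1" BOOT_AUTH 0)
    users=$(get_attr "$1" BOOT_USERS root)
    case "$auth" in
        1) echo "enabled users=$users"; return 0 ;;
        0) echo "disabled"; return 1 ;;
        *) echo "invalid BOOT_AUTH=$auth"; return 2 ;;
    esac
}

# Constructed sample file (not taken from a real system).
sample=/tmp/security.sample.$$
cat > "$sample" <<'EOF'
# constructed sample of /etc/default/security
#BOOT_AUTH=0
BOOT_AUTH=1
BOOT_USERS=root,opsadmin
EOF
boot_auth_status "$sample"
rm -f "$sample"
```

On a live system, pass /etc/default/security as the argument; a non-zero return means single-user boot is not protected by this feature.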
Impact
If you wish to protect your system against unauthorized booting into Single-user Mode,
you may now do so without converting to Trusted Mode.
Compatibility
There are no compatibility issues.
Performance
There are no performance issues.
Documentation
The init(1M) and security(4) manpages have been updated.
Obsolescence
Not applicable.
File Descriptor Allocation
The behavior of the file descriptor allocation in HP-UX 11i v2 has been changed to
prevent security problems such as unauthorized modification of root-owned files. For
further information, see “File Descriptor Allocation” on page 213.