HP-UX Secure Resource Partitions (SRP) A.02.00.001 Release Notes

User login to an SRP compartment does not work when Trusted Computing is enabled.

Login with a valid user name and password fails or times out when Trusted
Computing is enabled. Trusted Computing creates and uses the /tcb directory,
but the SRP compartment does not have access to /tcb/files/auth. As a result,
the following message is written to the syslog.d file:

    sshd[2890]: error: PAM: pam_open_session(): General Commercial Security error

Workaround
Grant all SRP compartments access to Trusted Computing files as follows:

1. Edit the /etc/opt/hpsrp/cmpt/base.srp_incl file and add the following
   lines at the end of the file:

    // all access to /tcb/files/auth
    perm nsearch /tcb
    perm nsearch /tcb/files
    perm all /tcb/files/auth

2. Enter the following command at the HP-UX command prompt:

    HP-UX> setrules
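
An added example (not HP's code and not part of the original release notes): a POSIX sh helper that applies step 1 idempotently, appending only the rules the include file lacks and keeping a backup. The function names are hypothetical, and treating lines that begin with // as comments is an assumption based on the line shown in step 1; run setrules afterwards as in step 2.

```shell
#!/bin/sh
# Added example. Rule text is copied verbatim from the workaround in step 1.
REQUIRED_RULES='perm nsearch /tcb
perm nsearch /tcb/files
perm all /tcb/files/auth'

# Print each required rule that FILE does not already contain.
# Whitespace is normalized and lines starting with // are skipped
# (assumed to be comments), so a commented-out rule counts as missing.
# Block comments are not handled.
missing_tcb_rules() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    normalized=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                     -e 's/[[:space:]][[:space:]]*/ /g' "$file" |
                 grep -v '^//' || true)
    printf '%s\n' "$REQUIRED_RULES" | while IFS= read -r rule; do
        printf '%s\n' "$normalized" | grep -Fxq -- "$rule" ||
            printf '%s\n' "$rule"
    done
}

# Append only the missing rules to FILE, saving FILE.bak first.
# Running it a second time changes nothing.
add_tcb_rules() {
    file=$1
    missing=$(missing_tcb_rules "$file") || return 2
    [ -n "$missing" ] || return 0
    cp -p "$file" "$file.bak" || return 2
    # Make sure the last existing line is terminated before appending.
    [ -z "$(tail -c 1 "$file")" ] || echo >> "$file"
    {
        echo '// all access to /tcb/files/auth'
        printf '%s\n' "$missing"
    } >> "$file"
}

# Typical use, as root:
#   add_tcb_rules /etc/opt/hpsrp/cmpt/base.srp_incl && setrules
```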

The SRP compartment administrator cannot start and stop the SRP.

Workaround
Only the root user can start and stop the SRP.

SRP does not support the dash (-) character in the SRP compartment name.

Currently, the SRP will not be created if the SRP name supplied to the
srp -add <srp name> command contains a dash (-). The command srp -add will fail
with the following error:

    Error: add commands (id=1) failed with exit status 1. The output was:
    Compartment name must be alpha-numeric and may include '_'
    Usage:
    ch_srp -a -compartment <cmpt> [-[no]start]
    ch_srp -d -compartment <cmpt>
    ch_srp -l [-compartment <cmpt> ]
    add startup directories failed

Workaround
Use an SRP name that does not include a dash (-).