HP-UX Standard Mode Security Extensions Release Notes

HP-UX Standard Mode Security Extensions Release Note

What’s in This Version

Chapter 16

What’s in This Version

The following sections briefly describe the security features of HP-UX Standard Mode

Security Extensions.

•“Features and Benefits” on page 6

•“Auditing System in Standard Mode HP-UX” on page 7

•“Configurable System-Wide Security Defaults in /etc/default/security” on page 8

•“User Database for Per-User Configurations” on page 9

Features and Benefits

Several security features that were previously available only on systems running in trusted

mode are now available in standard mode without converting to trusted mode. In addition,

several security attributes that were previously set on a system-wide basis can now be

configured on a per-user basis.

The following security features are now available in standard mode:

• Auditing user and system activities.

• Account locking after too many authentication failures occur.

• Displaying the last successful and unsuccessful login.

• Preventing the re-use of passwords in the password history.

• Preventing logins with null passwords.

• Restricting logins to specific time periods.

• Expiring inactive accounts.

These security features are implemented by the following HP-UX changes:

• The auditing system.

• The /etc/default/security configuration file (system-wide security defaults).

• The /etc/shadow password file.

• The /etc/pam.conf configuration file and the PAM libraries.

• The libsec routines.

• The addition of a user database for per-user configuration.