HP-UX System Administrator's Guide: Security Management: HP-UX 11i Version 3 > Chapter 4 HP-UX Standard Mode Security Extensions

Overview


HP-UX Standard Mode Security Extensions (HP-UX SMSE) is a group of features that enhances both user and operating system security. HP-UX SMSE includes enhancements or changes to the HP-UX auditing system, passwords, and logins for systems in standard mode. Previously, these features were supported only on systems converted to trusted mode. With HP-UX SMSE, you can use these features on a standard mode system.

NOTE: HP does not recommend that you use HP-UX SMSE on systems running in trusted mode. HP-UX SMSE makes available in standard mode many account and password policies currently available only by converting an HP-UX system to trusted mode. Policies configured with HP-UX SMSE are not enforced on systems running in trusted mode.

To determine whether a system has been converted to trusted mode, check for the following file:

/tcb/files/auth/system/default

If this file exists, the system is running in trusted mode. To convert the system back to standard mode, use the sam(1M) command.

Refer to security(4) for more information on configurations supported with each of the HP-UX SMSE security features.

HP-UX SMSE introduces a new feature, the user database. Previously, all HP-UX security attributes and password policy restrictions were set on a systemwide basis. The user database enables you to set security attributes on a per-user basis; these per-user settings override the systemwide defaults.

The following trusted mode features are available in standard mode with HP-UX SMSE:

  • Audit all users and events on a system

  • Display the last successful and unsuccessful user logins

  • Lock a user account if there are too many authentication failures

  • Display password history

  • Expire inactive accounts

  • Prevent users from logging in with a null password

  • Restrict user logins to specific time periods

  • Restrict usage of the userdbset command based on a user’s authorizations. See userdbset(1M) for more information.

  • Display the account status of local users with the userstat command, which checks the status of local user accounts and reports abnormal conditions, such as account locks. See userstat(1M) for more information.

© 2008 Hewlett-Packard Development Company, L.P.