HP-UX System Administrator's Guide: Security Management: HP-UX 11i Version 3 > Chapter 9 HP-UX Role-Based Access Control

Overview


Security, especially platform security, has always been an important issue for enterprise infrastructure. Even so, in the past many organizations neglected or overlooked security concepts such as individual accountability and least privilege. However, recently introduced legislation in the United States, including the Health Insurance Portability and Accountability Act (HIPAA) and the Sarbanes-Oxley Act, has helped to highlight the importance of these security concepts.

Most enterprise environments have systems administered by multiple users. Typically, this is accomplished by providing the administrators with the password to a common, shared account, known as root. While the root account simplifies access control management by enabling administrators with the root password to perform all operations, it also presents several inherent obstacles for access control management, for example:

  • After providing administrative users with the root password, there is no easy way to further constrain those users.

  • In the best case, revoking access for a single administrator requires changing the common password and notifying other administrators. More realistically, simply changing the password is probably not sufficient to effectively revoke access because alternative access mechanisms might have already been implemented.

  • Individual accountability with a shared root account is virtually impossible to achieve. Consequently, proper analysis after a security event becomes difficult, and in some cases impossible.

The HP-UX Role-Based Access Control (RBAC) feature resolves these obstacles by providing the capability to assign sets of tasks to ordinary, but appropriately configured, user accounts. HP-UX RBAC also mitigates the management overhead associated with assigning and revoking individual authorizations on a per-user basis.

HP-UX RBAC offers the following features:

  • Predefined configuration files specific to HP-UX, for a quick and easy deployment

  • Flexible re-authentication via Pluggable Authentication Module (PAM), to allow restrictions on a per-command basis

  • Integration with the HP-UX audit system, to produce a single, unified audit trail

  • Pluggable architecture for customizing access control decisions

© 2008 Hewlett-Packard Development Company, L.P.