Within a cluster, access control is mediated by individual
nodes using a common set of authorization information. In the single
security domain model, a process, acting on behalf of an authorized
individual, requests access to a cluster-visible object, and a coordinating
node determines the outcome by comparing its copy of the common
authorization database with the security profile for the object
being accessed. This model enforces security only when the authorization
information and the object security profiles are consistent across
all nodes in the cluster.
To achieve data consistency within the cluster, a site needs
to:
Execute changes to system parameters consistently When changing any LGI system parameters, use the System Management
utility (SYSMAN) (see
Using the System Management Utility).
Required Common System Files The easiest way to ensure a single security domain is to maintain
a single copy of each of the files listed in
System Files That Must Be Common in a Cluster on one or more cluster-mounted disks. As soon as
any required file is created on one node, it must be created or
commonly referenced on all remaining cluster members. When a cluster
is configured with multiple system disks, you can use system logical
names to ensure that only a single copy of each file exists.
Table 1 System Files That Must Be Common in a Cluster
File
Description
NETOBJECT.DAT
Contains the DECnet object
database. Among the information contained in this file is the list
of known DECnet server accounts and passwords.
NETPROXY.DAT NET$PROXY.DAT
Contains the network proxy
database. This file is maintained by the Authorize utility (AUTHORIZE).
QMAN$MASTER.DAT
Contains the master queue
manager database. This file contains the security information for
all shared batch and print queues. If two or more nodes intend to
participate in a shared queuing system, a single copy of this file
must be maintained on a shared disk.
RIGHTSLIST.DAT
Contains the rights identifier
database. This file is maintained by AUTHORIZE and by various rights
identifier system services.
SYSALF.DAT
Contains the system autologin
file. This file is maintained by the System Management utility (SYSMAN).
SYSUAF.DAT
Contains the system user
authorization file. This file is maintained by AUTHORIZE and modifiable
through the Set User Authorization Information ($SETUAI) system
service.
SYSUAFALT.DAT
Contains the system alternate
user authorization file. This file serves as a backup to SYSUAF.DAT
and is enabled through the SYSUAFALT system parameter.
VMS$OBJECTS.DAT
Contains the cluster-visible object database.
Among the information contained in this file are the security profiles
for all cluster-visible objects.
Recommended Common System Files Although HP does not require that the files listed in
System Files Recommended to Be Common be common to all
cluster members, it does recommend that the data in the files be
fully synchronized.
Using Multiple Versions of Required Cluster Files explains
how to coordinate these files and suggests possible consequences
of poor synchronization.
Some of the recommended files are created only on request
and may not exist in all configurations. Note that a file may be
absent on one node only if it is absent on all other nodes. As soon
as any required file is created on one node, it must be created
or commonly referenced on all remaining cluster members.
Table 2 System Files Recommended to Be Common
File
Description
VMS$AUDIT_SERVER.DAT
Contains information related
to security auditing, such as enabled security-auditing events and
the destination of the system security audit log file.
VMS$PASSWORD_HISTORY.DATA
Contains the system password
history database. This file is maintained by the SET PASSWORD utility.
VMSMAIL_PROFILE.DATA
Contains the system mail
database. This file is maintained by the Mail utility (MAIL). It
holds mail profiles for all system users as well as a list of all mail
forwarding addresses in use on the system.
VMS$PASSWORD_DICTIONARY.DATA
Contains the system password
dictionary. The system password dictionary is a list of English words
and phrases that cannot be used as account passwords.
VMS$PASSWORD_POLICY
Contains any site-specific password filters.
This file is created and installed by the security administrator
or system manager. (See
Site-Specific Filters for
details on password filters.)
Synchronizing Multiple Versions of Files Using shared files is not the only way of achieving a single
security domain. Some sites may have requirements for multiple copies
of one or more of these system files on different nodes in a cluster.
As long as the security information available to each node in the
cluster is exactly the same, these sites operate in a single security
domain.
Possible unexplained login
failures and unauthorized system access.
SYSUAFALT.DAT
Update all
versions after any change to any authorization records in this file.
Possible unexplained login
failures and unauthorized system access
VMS$OBJECTS.DAT
Update all
versions after any change to the security profile of a cluster-visible
object or after new cluster-visible objects are created. (See
Protecting Objects for details.)
Possible unauthorized access
to protected objects
VMSMAIL_PROFILE.DATA
Update all
versions after any changes to mail forwarding parameters.
Possible authorized disclosure
of information
VMS$PASSWORD_HISTORY.DATA
Update all
versions after any password change.
Possible violation of the
system password policy
VMS$PASSWORD_DICTIONARY.DATA
Update all
versions after any site-specific additions.
HP OpenVMS Guide to System Security
Security for the System Administrator
