This manual describes how to write programs that include the use of HP Tru64 UNIX
security features.
Audience
This manual is intended for programmers who are modifying or creating
security-relevant programs and are familiar with programming in C on UNIX
systems.
Organization
The manual is organized as follows:
| Chapter 1 | Describes the approach to examples used throughout this guide and provides information about the trusted computing base. |
| Chapter 2 | Provides specific techniques for designing trusted programs, such as whether the program is to be a directly executed command or a daemon. |
| Chapter 3 | Describes the structure of the authentication database and the techniques for querying it. |
| Chapter 4 | Describes the various user and group identities of the operating system and how you should use them, particularly the audit ID that is not a part of traditional UNIX systems. It also describes the contents of the enhanced (protected) password database. |
| Chapter 5 | Describes guidelines for when trusted programs should make entries in the audit logs and the mechanisms for doing so. |
| Chapter 6 | Describes the Security Integration Architecture (SIA) programming interface. |
| Chapter 7 | Describes the use of access control lists (ACLs) in applications that run on Tru64 UNIX. |
| Chapter 8 | Describes the GSS-API standard and security fundamentals, and the GSS Application Security SDK function calls, with best practices and portability concerns for using them. |
| Appendix A | Provides coding examples for trusted Tru64 UNIX systems. |
| Appendix B | Contains the default auditable events (/etc/sec/audit_events) and the default audit-event aliases (/etc/sec/event_aliases) files. |
| Appendix C | Describes how to use GSS-APIs to secure an application, using example code in the C programming language. It also explains the sample programs provided with the Application Security SDK. |
The following documents provide important information that supplements the information in certain chapters:
The Security Administration manual describes how to perform common Tru64 UNIX administrative tasks.
The Release Notes might contain important undocumented information about security.
HP welcomes any comments and suggestions you have on this and other Tru64 UNIX manuals.
You can send your comments in the following ways:
Fax: 603-884-0120 Attn: UBPG Publications, ZKO3-3/Y32
Internet electronic mail:
readers_comment@zk3.dec.com
A Reader's Comment form is located on your system in the following location:
/usr/doc/readers_comment.txt
Please include the following information along with your comments:
The full title of the manual and the order number. (The order number appears on the title page of printed and PDF versions of a manual.)
The section numbers and page numbers of the information on which you are commenting.
The version of Tru64 UNIX that you are using.
If known, the type of processor that is running the Tru64 UNIX software.
The Tru64 UNIX Publications group cannot respond to system problems or
technical support inquiries.
Please address technical questions to your
local system vendor or to the appropriate HP technical support office.
Information provided with the software media explains how to send problem
reports to HP.
Conventions
This manual uses the following typographical conventions:
| \ | A backslash at the end of a line in an example indicates continuation. |
| # | A number sign represents the system prompt when you are logged in to a Tru64 UNIX system using the root user account. |
| net stop | Bold courier type indicates user input. |
| >>> | The console subsystem prompt is three right angle brackets. |
| file | Italic (slanted) type indicates variable values, placeholders, and function argument names. |
| [ \| ] { \| } | In syntax definitions, brackets indicate items that are optional and braces indicate items that are required. Vertical bars separating items inside brackets or braces indicate that you choose one item from among those listed. |
| . . . | In syntax definitions, a horizontal ellipsis indicates that the preceding item can be repeated one or more times. |
| cat(1) | A cross-reference to a reference page includes the appropriate section number in parentheses. For example, cat(1) indicates that you can find information on the cat command in Section 1 of the reference pages. |
| [Ctrl/x] | This symbol indicates that you hold down the first named key while pressing the key or mouse button that follows the slash. In examples, this key combination is enclosed in a box (for example, [Ctrl/C] ). |