beautypg.com

Establishing subnetworks, Capabilities of a remote super id user – HP NonStop G-Series User Manual

Page 345

background image

Managing Users and Security

Guardian User’s Guide 425266-001

16 -23

Establishing Subnetworks

Establishing Subnetworks

In a large network, it is sometimes preferable to allow users to access some nodes but
not others. For example, users on system \SANFRAN are allowed to access systems
\LA, \SEATTLE, and \CUPRTNO but not the \NEWYORK and \CHICAGO systems.

In this case, the preceding examples can be extended to allow access to any number of
subnetworks (that is, any collection of individual nodes). A user such as NET.WEST is
established at each node of the subnetwork, and a password scheme like the one used in
the previous example allows certain users to log on as NET.WEST.

Subnetworks implemented in this manner can overlap or include one another.
\CHICAGO might be accessible from \NEWYORK by logging on as NET.EAST, and
from \PHOENIX by logging on as NET.MIDWEST. Similarly, each system in the
network might have a user called NET.GLOBAL, who is allowed to access every other
node.

Capabilities of a Remote Super ID User

On a single system, a super ID user can access any file. On a network, the capabilities of
the super ID can be local, global, or somewhere in between local and global.

Making the Super ID a Local Super ID Only

To make the super ID exclusively a local super ID user, do not issue
REMOTEPASSWORD commands for the super ID at any node.

Making the Super ID a Global Super ID

To make the super ID a global super ID, issue REMOTEPASSWORD commands (as
defined in

Establishing a Global Remote Password

on page 16-22) at every node, and

give every super ID the same password.

In this case, if a disk file is secured A, G, O, or –, a remote super ID user can still gain
access to the file by running the TACL program on that system and logging on as the
local super ID.

Making the Super ID Between Local and Global

To make the super ID somewhere between a local and global super ID user, issue
REMOTEPASSWORD commands (as defined in

Establishing a Global Remote

Password

on page 16-22) at every node, but give each super ID a distinct password.

Thus, any disk file can be protected from remote access by giving it A, G, O, or –
security. (The remote super ID can then access files secured N, C, or U.) A remote super
ID cannot log on as a local super ID user because the password for the local super ID is
unknown.

This manual is related to the following products:
See also other documents in the category HP Computer hardware: