Within a cluster, access control is mediated by
individual nodes using a common set of authorization information.
In the single security domain model, a process, acting on behalf of
an authorized individual, requests access to a cluster-visible object,
and a coordinating node determines the outcome by comparing its copy
of the common authorization database with the security profile for
the object being accessed. This model enforces security only when
the authorization information and the object security profiles are
consistent across all nodes in the cluster.
To achieve data consistency within the cluster,
a site needs to:

Required Common System Files

The easiest way to ensure a single security domain
is to maintain a single copy of each of the files listed in “System Files That Must Be Common in a Cluster” on
one or more cluster-mounted disks. As soon as any required file is
created on one node, it must be created or commonly referenced on
all remaining cluster members. When a cluster is configured with multiple
system disks, you can use system logical names to ensure that only
a single copy of each file exists.
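
The following DCL fragment is an added example, not part of the original manual. It shows system logical names redirecting each node to one copy of the files, followed by a cluster-wide check. It assumes the standard system logical names for these files; `DISK$COMMON` and `[CLUSTER_COMMON]` are hypothetical names for a directory on a cluster-mounted disk.

```dcl
$! Added example: fragment for SYS$MANAGER:SYLOGICALS.COM, identical on every node.
$! DISK$COMMON:[CLUSTER_COMMON] is a hypothetical location on a cluster-mounted
$! disk. The disk must be mounted before any of these names is translated.
$!
$! Required common files (Table 12-1)
$ DEFINE/SYSTEM/EXECUTIVE_MODE SYSUAF      DISK$COMMON:[CLUSTER_COMMON]SYSUAF.DAT
$ DEFINE/SYSTEM/EXECUTIVE_MODE SYSUAFALT   DISK$COMMON:[CLUSTER_COMMON]SYSUAFALT.DAT
$ DEFINE/SYSTEM/EXECUTIVE_MODE RIGHTSLIST  DISK$COMMON:[CLUSTER_COMMON]RIGHTSLIST.DAT
$ DEFINE/SYSTEM/EXECUTIVE_MODE SYSALF      DISK$COMMON:[CLUSTER_COMMON]SYSALF.DAT
$ DEFINE/SYSTEM/EXECUTIVE_MODE NETPROXY    DISK$COMMON:[CLUSTER_COMMON]NETPROXY.DAT
$ DEFINE/SYSTEM/EXECUTIVE_MODE NET$PROXY   DISK$COMMON:[CLUSTER_COMMON]NET$PROXY.DAT
$ DEFINE/SYSTEM/EXECUTIVE_MODE NETOBJECT   DISK$COMMON:[CLUSTER_COMMON]NETOBJECT.DAT
$ DEFINE/SYSTEM/EXECUTIVE_MODE VMS$OBJECTS DISK$COMMON:[CLUSTER_COMMON]VMS$OBJECTS.DAT
$! QMAN$MASTER names the directory that holds QMAN$MASTER.DAT, not the file itself.
$ DEFINE/SYSTEM/EXECUTIVE_MODE QMAN$MASTER DISK$COMMON:[CLUSTER_COMMON]
$!
$! Recommended common files (Table 12-2)
$ DEFINE/SYSTEM/EXECUTIVE_MODE VMS$AUDIT_SERVER -
        DISK$COMMON:[CLUSTER_COMMON]VMS$AUDIT_SERVER.DAT
$ DEFINE/SYSTEM/EXECUTIVE_MODE VMSMAIL_PROFILE -
        DISK$COMMON:[CLUSTER_COMMON]VMSMAIL_PROFILE.DATA
$ DEFINE/SYSTEM/EXECUTIVE_MODE VMS$PASSWORD_HISTORY -
        DISK$COMMON:[CLUSTER_COMMON]VMS$PASSWORD_HISTORY.DATA
$ DEFINE/SYSTEM/EXECUTIVE_MODE VMS$PASSWORD_DICTIONARY -
        DISK$COMMON:[CLUSTER_COMMON]VMS$PASSWORD_DICTIONARY.DATA
$!
$! Separate check, run from a privileged account on any one node:
$! every member should report the same translation and the same file ID.
$ RUN SYS$SYSTEM:SYSMAN
SET ENVIRONMENT/CLUSTER
DO SHOW LOGICAL/SYSTEM SYSUAF
DO DIRECTORY/FILE_ID SYSUAF
DO SHOW LOGICAL/SYSTEM RIGHTSLIST
DO DIRECTORY/FILE_ID RIGHTSLIST
EXIT
```

A node that reports a different device or file ID is still reading a local version of that file and is outside the single security domain until its logical name is corrected.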
The files in “System Files That Must Be Common in a Cluster” contain data that must be synchronized.
If your site chooses to maintain multiple versions of these files,
you must synchronize the data, as “Synchronizing Multiple Versions of Files” explains.
Table 12-1 System Files That Must Be Common in a Cluster
File | Description |
---|---|
NETOBJECT.DAT | Contains the DECnet object database. Among the information contained in this file is the list of known DECnet server accounts and passwords. |
NETPROXY.DAT, NET$PROXY.DAT | Contains the network proxy database. This file is maintained by the Authorize utility (AUTHORIZE). |
QMAN$MASTER.DAT | Contains the master queue manager database. This file contains the security information for all shared batch and print queues. If two or more nodes intend to participate in a shared queuing system, a single copy of this file must be maintained on a shared disk. |
RIGHTSLIST.DAT | Contains the rights identifier database. This file is maintained by AUTHORIZE and by various rights identifier system services. |
SYSALF.DAT | Contains the system autologin file. This file is maintained by the System Management utility (SYSMAN). |
SYSUAF.DAT | Contains the system user authorization file. This file is maintained by AUTHORIZE and modifiable through the Set User Authorization Information ($SETUAI) system service. |
SYSUAFALT.DAT | Contains the system alternate user authorization file. This file serves as a backup to SYSUAF.DAT and is enabled through the SYSUAFALT system parameter. |
VMS$OBJECTS.DAT | Contains the cluster-visible object database. Among the information contained in this file are the security profiles for all cluster-visible objects. |

Recommended Common System Files

Although HP does not require that the files listed
in “System Files Recommended to Be Common” be common to all cluster members, it does recommend that the data
in the files be fully synchronized. “Using Multiple Versions of Required Cluster Files” explains how to coordinate these
files and suggests possible consequences of poor synchronization.
Some of the recommended files are created only
on request and may not exist in all configurations. Note that a file
may be absent on one node only if it is absent on all other nodes.
As soon as any required file is created on one node, it must be created
or commonly referenced on all remaining cluster members.
Table 12-2 System Files Recommended to Be Common
File | Description |
---|---|
VMS$AUDIT_SERVER.DAT | Contains information related to security auditing, such as enabled security-auditing events and the destination of the system security audit log file. |
VMS$PASSWORD_HISTORY.DATA | Contains the system password history database. This file is maintained by the SET PASSWORD utility. |
VMSMAIL_PROFILE.DATA | Contains the system mail database. This file is maintained by the Mail utility (MAIL). It holds mail profiles for all system users as well as a list of all mail forwarding addresses in use on the system. |
VMS$PASSWORD_DICTIONARY.DATA | Contains the system password dictionary. The system password dictionary is a list of English words and phrases that cannot be used as account passwords. |
VMS$PASSWORD_POLICY | Contains any site-specific password filters. This file is created and installed by the security administrator or system manager. (See “Site-Specific Filters” for details on password filters.) |

Synchronizing Multiple Versions of Files

Using shared files is not the only way of achieving
a single security domain. Some sites may have requirements for multiple
copies of one or more of these system files on different nodes in
a cluster. As long as the security information available to each node
in the cluster is exactly the same, these sites operate in a single
security domain.
“Using Multiple Versions of Required Cluster Files” lists the files that require coordination,
explains when to update these files, and suggests possible consequences
of poor synchronization.
Table 12-3 Using Multiple Versions of Required Cluster Files
File | Coordination Required | Result of Poor Synchronization |
---|---|---|
VMS$AUDIT_SERVER.DAT | Update after any SET AUDIT command. | Possible partitioning of auditing domains |
NETOBJECT.DAT | Update all versions after any NCP SET OBJECT or DEFINE OBJECT command. | Unexplained network login failures and unauthorized network access |
NETPROXY.DAT, NET$PROXY.DAT | Update all versions after any AUTHORIZE proxy command. | Unexplained network login failures and unauthorized network access |
RIGHTSLIST.DAT | Update all versions after any change to any identifier or holder records. | Possible unauthorized system access and unauthorized access to protected objects |
SYSALF.DAT | Update all versions after any SYSMAN ALF command. | Unexplained login failures and unauthorized system access |
SYSUAF.DAT | Update all versions so the fields listed in “Fields in SYSUAF.DAT Requiring Synchronization” are synchronized for each user record. | Possible unexplained login failures and unauthorized system access |
SYSUAFALT.DAT | Update all versions after any change to any authorization records in this file. | Possible unexplained login failures and unauthorized system access |
VMS$OBJECTS.DAT | Update all versions after any change to the security profile of a cluster-visible object or after new cluster-visible objects are created. (See “Protecting Objects” for details.) | Possible unauthorized access to protected objects |
VMSMAIL_PROFILE.DATA | Update all versions after any changes to mail forwarding parameters. | Possible unauthorized disclosure of information |
VMS$PASSWORD_HISTORY.DATA | Update all versions after any password change. | Possible violation of the system password policy |
VMS$PASSWORD_DICTIONARY.DATA | Update all versions after any site-specific additions. | Possible violation of the system password policy |
VMS$PASSWORD_POLICY | Install common version on all nodes. | Possible violation of the system password policy |