
HP c3700 - Workstation Manual page 6

HP VISUALIZE Workstation - Interoperable Security for HP-UX and Windows NT Technical Workstations

Integration of Windows NT Security into the UNIX Environment
02/04/00
Security paradigms need to be consistent between Windows NT and UNIX to help keep the total cost of ownership down. This, however, requires a centralized approach to security administration that spans many systems. Two fundamental security building blocks are available (or soon will be) on both UNIX and Windows NT: DCE and Kerberos.
Today, the DCE implementation on Windows NT does not allow a DCE client to make a secured request to a Microsoft RPC server. If DCE encrypts part of the RPC, the Windows NT server cannot decrypt the RPC data, so for this scenario to work the client side must not use security. On the other hand, a Microsoft RPC client can effectively communicate with a secure UNIX DCE server: using minimal security, the objects are accessible through the DCE server from a Microsoft RPC client. However, the Microsoft RPC calls carry no identification information, so the DCE server must treat them as unauthenticated requests. Such requests can be handled with DCE's Cell Directory Service (CDS) and the ACLs within the CDS.
The Kerberos method of authentication relies on a central database of information about users. When a user logs on, a security ticket is requested from a local server (the ticket-granting server of the realm). Realms (administrative domains) in Kerberos can register with other realms, so a user can also be authenticated by a remote security server using the Kerberos protocol. The Kerberos implementations on Windows NT and UNIX servers should therefore be able to authenticate each other's users. However, Kerberos does not authorize users to use system resources. The system must still provide an authorization scheme, such as an ACL or a SID (Security IDentifier), to grant access to resources. For example, a UNIX user could be authorized to log onto a Windows NT domain or vice versa, but that user's authorization level would only be that of a "Guest". This means that user access levels would still need to be maintained separately on Windows NT and UNIX.
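As an added illustration (not from the HP paper), the following Python toy models the split the text draws: cross-realm Kerberos registration handles authentication only, while a locally maintained ACL decides authorization and gives an authenticated but unlisted foreign user no more than "Guest" access. Realm and user names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ticket:
    principal: str  # user name from the issuing realm's central user database
    realm: str      # realm whose ticket-granting server authenticated the user

class Realm:
    """A Kerberos realm: central user database plus cross-realm registrations."""
    def __init__(self, name, users):
        self.name = name
        self.users = set(users)  # the central database of users
        self.trusts = set()      # realms this realm has registered with

    def register(self, other):
        """Mutual registration, so each realm accepts the other's tickets."""
        self.trusts.add(other.name)
        other.trusts.add(self.name)

    def logon(self, user):
        """Local logon: the ticket-granting server issues a ticket or refuses."""
        if user not in self.users:
            raise PermissionError(f"{user} unknown in realm {self.name}")
        return Ticket(user, self.name)

    def authenticates(self, ticket):
        """Authentication only: local tickets, or tickets from registered realms."""
        return ticket.realm == self.name or ticket.realm in self.trusts

class ResourceACL:
    """Authorization is separate: a locally maintained ACL keyed by user@REALM."""
    def __init__(self, realm, entries):
        self.realm = realm
        self.entries = dict(entries)

    def access_level(self, ticket):
        if not self.realm.authenticates(ticket):
            return "denied"  # unauthenticated: no access at all
        key = f"{ticket.principal}@{ticket.realm}"
        # Authenticated but not in the local ACL: only "Guest" level
        return self.entries.get(key, "Guest")

# Constructed sample data (hypothetical realm names, not from the paper)
UNIX = Realm("UNIX.EXAMPLE", ["alice"])
NT = Realm("NT.EXAMPLE", ["bob"])
UNIX.register(NT)
NT_SHARE = ResourceACL(NT, {"bob@NT.EXAMPLE": "full"})
```

Adding an explicit `alice@UNIX.EXAMPLE` entry to the NT ACL is what the text means by maintaining access levels separately on each side.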
HP VISUALIZE WORKSTATIONS
5