Chapter 2 HPSS Planning
HPSS Installation Guide September 2002 45
Release 4.5, Revision 2
2.2.7 Security
The process of defining security requirements is called developing a site security policy. It will be
necessary to map the security requirements into those supported by HPSS. HPSS authentication,
authorization, and audit capabilities can be tailored to a site’s needs.
Authentication and authorization between HPSS servers is done through use of DCE cell security
authentication and authorization services. By default, servers are authenticated using the DCE
secret authentication service, and authorization information is obtained from the DCE privilege
service. The default protection level is to pass authentication tokens on the first remote procedure
call to a server. The authentication service, authorization service, and protection level for each
server can be configured to raise or lower the security of the system. Two cautions should be noted:
(1) raising the protection level to packet integrity or packet privacy will require additional
processing for each RPC, and (2) lowering the authentication service to none effectively removes
the HPSS authentication and authorization mechanisms. This should only be done in a trusted
environment.
Each HPSS server authorizes and enforces access to its interfaces through access control lists
attached to an object (named Security) that is contained in its CDS directory. To be able to modify
server state, control access is required. Generally, this is only given to the DCE principal associated
with the HPSS system administrative component. Additional DCE principals can be allowed or
denied access by setting permissions appropriately. See Section 6.5.1.2: Server CDS Security ACLs on
page 278 for more information.
Security auditing in each server may be configured to record all, none, or some security events. Some
sites may choose to log every client connection; every bitfile creation, deletion, and open; and every
file management operation. Other sites may choose to log only errors. See the security information
fields in the general server configuration (Section 6.5.1: Configure the Basic Server Information (page
263)) for more details.
User access to HPSS interfaces depends on the interface being used. Access through DFS and the
native Client API uses the DCE authentication and authorization services described above. Access
through the Non-DCE Client API is configurable as described in Section 6.8.11: Non-DCE Client
Gateway Specific Configuration on page 367. Access through NFS is determined based on how the
HPSS directories are exported. Refer to Section 12.2: HPSS Utility Manual Pages on page 293 of the
HPSS Management Guide for more information on NFS exports and the nfsmap utility (Section
12.2.42: nfsmap — Manipulate the HPSS NFS Daemon's Credentials Map (page 418) in the HPSS
Management Guide). FTP or Parallel FTP access may utilize an FTP password file or may utilize the
DCE Registry. Additional FTP access is available using Ident, Kerberos GSS credentials, or DCE
GSS credentials. The Ident and GSS authentication methods require running the hpss_pftpd_amgr
server and an associated authentication manager in place of the standard hpss_pftpd. Refer to the
FTP section of the HPSS User’s Guide for additional details.
2.2.7.1 Cross Cell Access
DCE provides facilities for secure communication between multiple DCE cells (realms/domains)
referred to as Trusted “Cross Cell”. These features use the DCE facilities to provide a trusted
environment between cooperative DCE locations. HPSS uses the DCE Cross Cell features for
authentication and to provide HPSS scalability opportunities. The procedures for inter-connecting
DCE cells are outlined in Chapter 11: Managing HPSS Security and Remote System Access on
page 275 of the HPSS Management Guide. The HPSS DFS facilities, Federated Name Space, and
HPSS Parallel FTP can utilize the DCE and HPSS Cross Cell features.