Chapter 2 HPSS Planning
HPSS Installation Guide September 2002 45
Release 4.5, Revision 2
2.2.7 Security
The process of defining security requirements is called developing a site security policy. It will be
necessary to map the site's security requirements onto those supported by HPSS. HPSS authentication,
authorization, and audit capabilities can be tailored to a site's needs.
Authentication and authorization between HPSS servers is done through the DCE cell security
authentication and authorization services. By default, servers are authenticated using the DCE
secret (shared-key) authentication service, and authorization information is obtained from the DCE
privilege service. The default protection level passes authentication tokens only on the first remote
procedure call to a server (the DCE RPC "connect" level); later calls on that connection are not
individually checked. The authentication service, authorization service, and protection level for each
server can be configured to raise or lower the security of the system. Two cautions should be noted:
(1) raising the protection level to packet integrity or packet privacy adds cryptographic processing
to every RPC (a per-packet integrity check, and for packet privacy also encryption of the packet
data), and (2) lowering the authentication service to none effectively removes the HPSS
authentication and authorization mechanisms, because a server then accepts whatever identity a
client claims. This should only be done in a trusted environment.
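The trade-offs behind the two cautions above are easier to see in a small model than in prose. The following Python is an added illustration written for this page; it is not HPSS or DCE code. It models the four protection levels by name only (no authentication, connect-level authentication on the first call, per-packet integrity, and packet privacy) with HMAC-SHA256 and a toy keystream cipher standing in for the DCE mechanisms. The principal name "hpss_ssm", the registry key, and the packet bodies are constructed for the example.

```python
import hashlib
import hmac

# Protection levels in increasing cost, in the order DCE RPC's rpc_c_protect_level_* values use.
# Authentication service: none, or a shared secret (standing in for DCE secret-key authentication).
PROTECT_NONE, PROTECT_CONNECT, PROTECT_PKT_INTEG, PROTECT_PKT_PRIVACY = range(4)
AUTHN_NONE, AUTHN_SECRET = range(2)

def _keystream(key, seq, n):
    """Toy keystream for the privacy level (illustration only, not DCE's cipher)."""
    out = b""
    while len(out) < n:
        out += hashlib.sha256(key + seq.to_bytes(4, "big") + len(out).to_bytes(4, "big")).digest()
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Packet:
    def __init__(self, seq, principal, body):
        self.seq, self.principal, self.body = seq, principal, body
        self.token = b""  # authentication token, carried on the first call only
        self.mac = b""    # per-packet MAC, present at PKT_INTEG and above

class Client:
    def __init__(self, principal, key, protect, authn):
        self.principal, self.key, self.protect, self.authn = principal, key, protect, authn
        self.seq = 0

    def call(self, body):
        pkt = Packet(self.seq, self.principal, body)
        self.seq += 1
        if self.authn == AUTHN_NONE or self.protect == PROTECT_NONE:
            return pkt  # nothing in the packet proves who sent it
        if pkt.seq == 0:  # connect level: prove identity once, when the connection is set up
            pkt.token = hmac.new(self.key, b"AUTH" + self.principal.encode(), hashlib.sha256).digest()
        if self.protect >= PROTECT_PKT_PRIVACY:
            pkt.body = _xor(body, _keystream(self.key, pkt.seq, len(body)))
        if self.protect >= PROTECT_PKT_INTEG:
            pkt.mac = hmac.new(self.key, pkt.seq.to_bytes(4, "big") + pkt.body, hashlib.sha256).digest()
        return pkt

class Server:
    def __init__(self, registry, protect, authn):
        self.registry, self.protect, self.authn = registry, protect, authn
        self.connections = set()  # principals that authenticated on their first call
        self.accepted = []        # (principal, plaintext body) of every call acted upon

    def accept(self, pkt):
        """Return (accepted, reason); an accepted call is recorded in self.accepted."""
        if self.authn == AUTHN_NONE or self.protect == PROTECT_NONE:
            self.accepted.append((pkt.principal, pkt.body))  # caveat (2): identity taken on trust
            return True, "accepted without authentication"
        key = self.registry.get(pkt.principal)
        if key is None:
            return False, "unknown principal"
        if pkt.seq == 0:
            expected = hmac.new(key, b"AUTH" + pkt.principal.encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, pkt.token):
                return False, "bad authentication token"
            self.connections.add(pkt.principal)
        elif pkt.principal not in self.connections:
            return False, "no authenticated connection"
        if self.protect >= PROTECT_PKT_INTEG:
            expected = hmac.new(key, pkt.seq.to_bytes(4, "big") + pkt.body, hashlib.sha256).digest()
            if not hmac.compare_digest(expected, pkt.mac):
                return False, "packet integrity check failed"
        body = pkt.body
        if self.protect >= PROTECT_PKT_PRIVACY:
            body = _xor(pkt.body, _keystream(key, pkt.seq, len(pkt.body)))
        self.accepted.append((pkt.principal, body))
        return True, "accepted"

def run_scenarios():
    """Exercise the levels; principal name, key and bodies are constructed for this example."""
    registry = {"hpss_ssm": b"\x11" * 32}  # the administrative principal and its secret
    results = {}
    # Caveat (2): with the authentication service set to none, an impostor claiming to be the
    # administrative principal is accepted; a server using secret authentication rejects it.
    impostor = Client("hpss_ssm", b"wrong key", PROTECT_CONNECT, AUTHN_NONE)
    none_srv = Server(registry, PROTECT_CONNECT, AUTHN_NONE)
    secret_srv = Server(registry, PROTECT_CONNECT, AUTHN_SECRET)
    results["authn_none_accepts_impostor"] = none_srv.accept(impostor.call(b"SET state"))[0]
    results["authn_secret_accepts_impostor"] = secret_srv.accept(impostor.call(b"SET state"))[0]
    # Caveat (1), the other side of the trade-off: connect level authenticates only the first
    # call, so a later packet altered in transit passes; packet integrity catches it.
    for level, name in ((PROTECT_CONNECT, "connect"), (PROTECT_PKT_INTEG, "pkt_integ")):
        srv = Server(registry, level, AUTHN_SECRET)
        cli = Client("hpss_ssm", registry["hpss_ssm"], level, AUTHN_SECRET)
        srv.accept(cli.call(b"GET state"))
        tampered = cli.call(b"GET state")
        tampered.body = b"SHUTDOWN!"  # modified on the wire after the client built the packet
        results[name + "_detects_tamper"] = not srv.accept(tampered)[0]
    # Packet privacy: the body is unreadable on the wire, yet the server recovers it.
    srv = Server(registry, PROTECT_PKT_PRIVACY, AUTHN_SECRET)
    cli = Client("hpss_ssm", registry["hpss_ssm"], PROTECT_PKT_PRIVACY, AUTHN_SECRET)
    pkt = cli.call(b"GET state")
    results["privacy_hides_body_on_wire"] = pkt.body != b"GET state"
    results["privacy_server_recovers_body"] = srv.accept(pkt)[0] and srv.accepted[-1] == ("hpss_ssm", b"GET state")
    return results

if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

Running it shows the pattern the cautions describe: the connect level is cheap because every packet after the first rides on the initial token, which is exactly why a modified later packet is not detected, while the integrity and privacy levels pay for a MAC (and a cipher) on every packet. Setting authentication to none makes the server accept the impostor outright, which is why the document restricts that setting to a trusted environment.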
Each HPSS server authorizes and enforces access to its interfaces through access control lists
attached to an object (named Security) contained in its CDS directory. To be able to modify
server state, control access is required. Generally, this is given only to the DCE principal associated
with the HPSS system administrative component; any principal granted control access on a server's
Security object can change that server's state, so the set of such principals should be kept as small
as possible. Additional DCE principals can be allowed or denied access by setting the ACL permissions
appropriately. See Section 6.5.1.2: Server CDS Security ACLs on page 278 for more information.
Security auditing in each server may be configured to record all, none, or some security events. Some
sites may choose to log every client connection; every bitfile creation, deletion, and open; and every
file management operation. Other sites may choose to log only errors. See the security information
fields in the general server configuration (Section 6.5.1: Configure the Basic Server Information, page
263) for more details.
User access to HPSS interfaces depends on the interface being used. Access through DFS and the
native Client API uses the DCE authentication and authorization services described above. Access
through the Non-DCE Client API is configurable as described in Section 6.8.11: Non-DCE Client
Gateway Specific Configuration on page 367. Access through NFS is determined by how the
HPSS directories are exported. Refer to Section 12.2: HPSS Utility Manual Pages on page 293 of the
HPSS Management Guide for more information on NFS exports and the nfsmap utility (Section
12.2.42: nfsmap - Manipulate the HPSS NFS Daemon's Credentials Map, page 418, in the HPSS
Management Guide). FTP or Parallel FTP access may use an FTP password file or the
DCE Registry. Additional FTP authentication methods are available using Ident, Kerberos GSS
credentials, or DCE GSS credentials. Note that Ident relies on the identd service of the connecting
host to report the user's identity, so it is only as trustworthy as that host. The Ident and GSS
authentication methods require running the hpss_pftpd_amgr server and an associated authentication
manager in place of the standard hpss_pftpd. Refer to the FTP section of the HPSS User's Guide for
additional details.
2.2.7.1 Cross Cell Access
DCE provides facilities for secure communication between multiple DCE cells (realms/domains),
referred to as trusted "Cross Cell" access. These features use the DCE facilities to provide a trusted
environment between cooperating DCE cells. HPSS uses the DCE Cross Cell features for
authentication and to provide HPSS scalability opportunities. The procedures for interconnecting
DCE cells are outlined in Chapter 11: Managing HPSS Security and Remote System Access on
page 275 of the HPSS Management Guide. The HPSS DFS facilities, Federated Name Space, and
HPSS Parallel FTP can utilize the DCE and HPSS Cross Cell features.