Planning Volume 2, Control Workstation and Software Environment
A primary consideration when you install and configure your SP system is
the security of the workstations on which the authentication servers are to
run. Because the authentication server is the repository of the secret
keys for all principals, you need to protect it. Consider taking the
following steps:
- Locate authentication server systems in physically secure areas, with
access limited to administrators authorized to perform tasks related to their
maintenance.
- Do not give user IDs for these systems to users, including SP system
administrators, who are not authorized as security administrators. Do
not enable remote access to them using telnet, rlogin, or
ftp.
- Enable AIX system auditing to record security events on these
systems.
- Implement an appropriate password selection and aging policy for the
master password, and change the password regularly.
- Compromise of the master password would expose all private keys stored in
the database. Establish a recovery plan that includes changing all
passwords, replacing all server key files, and destroying all outstanding
tickets.
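
As an added example (not part of the original text), the following shell functions check an inetd.conf-format file for the telnet, rlogin and ftp services that the list above says to leave disabled. The function names and the sample entries are constructed for illustration, and the example assumes these services are started from inetd, where rlogin is listed under the service name login.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-format file for the remote-access
# services that should stay disabled on authentication servers.
# Assumption: services are started by inetd; rlogin is the "login" entry.

# enabled_remote_services FILE
# Prints one line per enabled (uncommented) entry: "<service> <server-path>".
enabled_remote_services() {
    awk '
        /^[ \t]*#/ { next }   # commented-out entry, service is disabled
        NF < 6     { next }   # not a complete service entry
        $1 == "telnet" || $1 == "login" || $1 == "ftp" { print $1, $6 }
    ' "$1"
}

# audit_inetd FILE
# Returns 0 when none of the three services is enabled, 1 otherwise.
audit_inetd() {
    found=$(enabled_remote_services "$1")
    if [ -n "$found" ]; then
        echo "remote access still enabled in $1:" >&2
        echo "$found" >&2
        return 1
    fi
    return 0
}

# make_sample FILE
# Writes a constructed sample file (not taken from a real system).
make_sample() {
    cat > "$1" <<'EOF'
## service socket protocol wait/nowait user server-program arguments
ftp     stream  tcp6    nowait  root    /usr/sbin/ftpd      ftpd
#telnet stream  tcp6    nowait  root    /usr/sbin/telnetd   telnetd -a
login   stream  tcp6    nowait  root    /usr/sbin/rlogind   rlogind
 # shell stream tcp6    nowait  root    /usr/sbin/rshd      rshd
time    stream  tcp     nowait  root    internal
EOF
}
```

Run `audit_inetd /etc/inetd.conf` on each authentication server; a nonzero return means at least one of the three services is still enabled.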