Contact Us Contact Us

HP-UX Role-Based Access Control (RBAC)

  Software Depot
Electronic download
Frequently asked questions
Product details & specifications
Installation

Note:

Installing HP-UX RBAC B.11.31.05.01 with the PHCO_38583 RBAC cumulative patch will overwrite the existing HP-UX RBAC database files only if the database files have not been modified.

Installing HP-UX RBAC B.11.23.04 on a system with previous versions of HP-UX RBAC already installed on it will overwrite the existing HP-UX RBAC database files only if the database files have not been modified. If you installed previous versions of HP-UX RBAC and modified the database files, installing HP-UX RBAC B.11.23.04 on that same system does not overwrite the existing HP-UX RBAC database files.

HP-UX RBAC requires approximately 64 KB of disk space for installation. Use the following steps to install HP-UX RBAC on your HP-UX 11i systems:

1.      Logon to your system as the root user

2.      Download the HP-UX RBAC depot file and move it to the /tmp directory

3.      Install HP-UX RBAC B.11.31.05.01 using the following command:
# swinstall -s /tmp/<RBAC-depotname>.depot AccessControl

Install HP-UX RBAC B.11.23.04 using the following command:
# swinstall -x autoreboot=true -s /tmp/<RBAC-depotname>.depot AccessControl

Note: You do not need to reboot the system to install HP-UX RBAC.

HP-UX RBAC installs files under several directories. For a complete list of these directories, see the HP-UX Role-Based Access Control B.11.31.05.01 Release Notes. 

The swinstall tool displays an error message if the installation fails. Check /var/opt/adm/sw/swagent.log for information if the installation fails.

4.      Verify the installation using the swverify AccessControl command. If HP-UX RBAC installed correctly on the system, the swverify command output includes the following text:
* Verification succeeded

Note:

The HP-UX 11i Security Containment feature contains HP-UX RBAC B.11.23.03 as one of its components. If you install the HP-UX 11i Security Containment feature on a system that already has HP-UX RBAC B.11.23.03 or HP-UX B.11.23.04 on it, you must reconfigure HP-UX RBAC before you can use it with the Fine-Grained Privileges or Compartments component of the HP-UX 11i Security Containment feature. Use the following command to reconfigure HP-UX RBAC:

# swconfig -x reconfigure=true RBAC

Removing (un-installing) HP-UX RBAC

Use the following steps to remove (un-install) HP-UX RBAC from your HP-UX 11i systems:

 

IMPORTANT: Before removing HP-UX RBAC, remove or comment out any entries in /etc/pam.conf where module_type is set to session and module_path is set to

libpam_keystroke.so.1. For details, see pam_keystroke(5) and pam.conf(4). If these entries are not removed or commented out, then users including privileged users such as root will not be permitted access to the system using the service specified in these entries such as login, ftp, and sshd. To subsequently remove or comment out these /etc/pam.conf entries, either a different service must be used to access the system, or the system must be rebooted in single user mode.

  1. Logon to your system as the root user
  2. Use the following command to remove HP-UX RBAC:
    # swremove AccessControl
  3. Use the swlist RBACExt command to verify HP-UX RBAC B.11.31.05.01 was removed from the system. If HP-UX RBAC was removed from the system, the swlist command reports the following:

    # swlist RBACExt
    # Initializing...
    # Contacting target "<hostname>"...
    ERROR: Software "RBACExt" was not found on <hostname>.


    Use the swlist RBAC command to verify that HP-UX RBAC B.11.23.04 was removed from the system. If HP-UX RBAC was removed from the system, the swlist command reports the following:

    # swlist RBAC
    # Initializing...
    # Contacting target "<hostname>"...
    ERROR: Software "RBAC" was not found on <hostname>.
Installation Overview
Receive for Free