Security

Quick Links:

Enhanced Security/Trusted Operating System

Standard Security

Enhanced Security/Trusted Operating System

NOTES Tru64 UNIX V5.1x
Enhanced Security HP-UX 11i v2
Trusted HP-UX

Compliance ITSEC E2/C2 ITSEC E3/C3 CC CAPP EAL4

Password Rules

Passwords longer than eight characters
Passwords complexity checking (forces users to use unrecognizable strings)
Password reuse checking
Password life cycle management

Passwords longer than eight characters
Passwords complexity checking (forces users to use unrecognizable strings)
Password reuse checking
Password life cycle management

Login Controls

Limit hours of access
Prevent suspicious access during off-hours
Prevent suspicious access from remote locations

Limit hours of access
Prevent suspicious access during off-hours
Prevent suspicious access from remote locations

Kerberos Client Support Supports MIT and Windows 2000 Kerberos Domain Controllers
Tru64 UNIX Enhanced Security allows creation and management of UNIX user information in Windows 2000 Active Directory
Available as separate product

Kerberos Domain Controller Support Not available Available as separate product

Directory-based Authentication
and Name Resolution Primary LDAP or NIS servers;
YPLDAP not available.
Name Service Switch (NSS) implemented using /etc/svc.conf. Name Service Switch (NSS) available; features include:

/etc/passwd file lookup
/etc/group file lookup
NFS Automounter lookup
sendmail alias lookup

NOTES	Tru64 UNIX V5.1x Enhanced Security	HP-UX 11i v2 Trusted HP-UX
Compliance	ITSEC E2/C2	ITSEC E3/C3 CC CAPP EAL4
Password Rules	Passwords longer than eight characters Passwords complexity checking (forces users to use unrecognizable strings) Password reuse checking Password life cycle management	Passwords longer than eight characters Passwords complexity checking (forces users to use unrecognizable strings) Password reuse checking Password life cycle management
Login Controls	Limit hours of access Prevent suspicious access during off-hours Prevent suspicious access from remote locations	Limit hours of access Prevent suspicious access during off-hours Prevent suspicious access from remote locations
Kerberos Client Support	Supports MIT and Windows 2000 Kerberos Domain Controllers Tru64 UNIX Enhanced Security allows creation and management of UNIX user information in Windows 2000 Active Directory	Available as separate product
Kerberos Domain Controller Support	Not available	Available as separate product
Directory-based Authentication and Name Resolution	Primary LDAP or NIS servers; YPLDAP not available. Name Service Switch (NSS) implemented using `/etc/svc.conf`.	Name Service Switch (NSS) available; features include: `/etc/passwd` file lookup `/etc/group` file lookup NFS Automounter lookup `sendmail` alias lookup

Standard Security

NOTES Tru64 UNIX V5.1x HP-UX 11i v2

Limited Superuser Access Division of Privileges Restricted SAM

Network Information Service (NIS) Supported Supported

Access Control Lists Supported on all supported file systems:
getacl, setacl Journaled File System (JFS):
getacl, setacl
High Performance File System (HFS):
lsacl, chacl

NOTES	Tru64 UNIX V5.1x	HP-UX 11i v2
Limited Superuser Access	Division of Privileges	Restricted SAM
Network Information Service (NIS)	Supported	Supported
Access Control Lists	Supported on all supported file systems: `getacl`, `setacl`	Journaled File System (JFS): `getacl`, `setacl` High Performance File System (HFS): `lsacl`, `chacl`