This chapter describes the access rules that govern Trusted IRIX/CMW. There is a step-by-step description of how to log in and discussion about dealing with the password mechanisms. For a complete new user tutorial on all aspects of the IRIX system, refer to your standard IRIX documentation. This chapter addresses those areas where Trusted IRIX/CMW differs from standard IRIX. Also included are short descriptions of some day-to-day tasks that users of Trusted IRIX/CMW will need to perform.
When no one is logged in to a Trusted IRIX/CMW machine, the system displays a login prompt and waits for a user to enter a login name. To log in, you must first have an account created for you on the system. Your system administrator should create this account for you and tell you the login name you are to use. If you are allowed to select your own login name, select a name that is easy to remember, such as your first name and the initial of your last name. When your account is created, a password may also be logged for you at that time. If so, you should know the password before you attempt to log in. If a password is not logged for you when your account is created, you will have to select one when you first log in.
When you are certain that the account has been created for you, you are ready to log in. When no one is logged in at the console, a window is displayed for the login dialog. Follow these instructions to log in:
The trusted path window is displayed on the screen as shown in Figure 4-1, and the trusted path should be initialized on:
If the trusted path is not on, move the mouse cursor to the top button on the trusted path menu and click. If the trusted path window does not indicate that the trusted path is on, call your Site Security Officer. Move the pointer to the CMW Login Dialog window. The trusted path window should state that "You Are On The Trusted Path". Again, if it does not state that you are on the trusted path, call your Site Security Officer.
Next, on the CMW Login Dialog window, you see a prompt:
User Name:
as shown in Figure 4-2:
Enter the desired account name. You must enter an account name, there is no default.
Next, you are prompted for a MAC label:
MAC Label:
If you do not enter a MAC label name (that is, you simply press the Enter key) you are given your default login label.
Next, you are prompted for a capability set:
Capabilities:
If you do not enter a capability set (that is, you hit Enter alone) you are given your default capability set.
Next, you are prompted for your password:
Password:
Your password is not displayed as you type it in. Press Enter when you have typed your password.
Next, if all responses were valid, the user is logged in. If the login.options file contains this line:
lastlog = 1
The user is notified of his or her last login date and time. This is so that the user can be instantly aware if someone else has logged in to the account since their last login. If the user has never logged in before, the system will not display any lastlog message.
Next, the screen clears and the default windows and icons are displayed. The login process is now complete.
As described before, the sysconf(1) command is used to determine the current operating system. A complete description of all sysconf(1) commands can be found in the sysconf(1) reference page.
A label name may be specified for any desired pair of sensitivity and integrity. The format of such an alias is:
aliasname:[msentype] [level[,category]...]/[minttype][grade[,division]...] |
If you do not supply the msentype field, the type is recorded as TCSEC. If you do not supply the minttype field, the type is recorded as BIBA.
Trusted IRIX/CMW allows the Administrator to create aliases for commonly used labels. For example, we suggest the use of userlow, usermiddle, and userhigh as three labels for three classes of users. Your Administrator should tell you what, if any, label aliases are available at your site. A valid label alias can always be used in place of the specific label name, whether during the login process or when using the system.
Passwords are the first line of defense of a trusted system. As a user, it is your responsibility to protect the privacy of your password at all times. Follow these rules when dealing with your password:
Never give your password to another user, or allow another user to “borrow” your account.
Never keep your password written down anywhere near your machine.
Always commit your password to memory. If you forget it, the Administrator can change it for you.
Trusted IRIX/CMW contains facilities to generate passwords for users and these facilities are configured to work by default. If your site has changed the configuration to allow you to select your own passwords, follow these rules when choosing your password:
Never choose a password that could be guessed by someone who knew personal information about you. For example, if someone stole your wallet with the intent of finding out information about you, make certain that your password is not anything related to something someone might find in your personal information, such as variations on your name or the name of a friend or family member.
Always use a random mix of printable characters, control characters, punctuation marks, and numerals when selecting a password.
Each password must have at least six characters. However, only the first eight characters are significant.
The password must contain at least two alphabet characters and one numeral character.
The password must not be related to the user's login name. Any reversing or circular shift of the characters in the login name will not be allowed. For the purposes of this test, capital letters are assumed to be equivalent to their lower case counterparts.
The password must have at least three characters difference from the previous password. For the purposes of this test, capital letters are assumed to be equivalent to their lower case counterparts.
Trusted IRIX/CMW supports mandatory password generation. The default generator presents the user with five selected passwords, and the user is free to accept or reject any of these. If the user does not accept any of the offered passwords, he or she may press the Enter key and the system presents a new set of password choices.
Trusted IRIX/CMW supports password aging. Password aging is defined as being able to set a minimum and maximum lifetime for passwords. Password aging is a very useful feature. By limiting the amount of time a password may be in use, you limit the amount of time a potential intruder has to crack your password. By enforcing a minimum lifetime, you prevent lazy users from simply changing their password briefly and then returning to their usual password immediately.
If a user does not change their password within the specified time period, the account is automatically locked. Any user can place the following line in their .login or /.profile files to notify them when password expiration is imminent:
showpwage username |
By default, showpwage(1) only notifies the user if the password is within seven days of expiration. This default can be changed with the -d flag. See the showpwage(1) reference page for a complete description of this command.
Generally, the only time that an account becomes locked is when the user is away for an extended period of time. But once locked, an account can only be unlocked by the Superuser. Then, the Administrator should force the user to choose a new password the next time he or she logs in.