HP Integrated Login - an environment for implementing multiple security technologies - Product Information

Hewlett-Packard Journal, Dec, 1995 by Jane B. Marcus, Navaneet Kumar, Lawrence J. Rose

HP Integrated Login coordinates the use of security systems and improves the usability of computer systems running the HP-UX* operating system.

The HP Integrated Login product provides major usability gains for customers deploying enhanced security technologies on computer systems based on the HP-UX operating system. In this article, we describe the customer needs and the HP Integrated Login solution.

As computer networks expand, and as pirates more frequently travel the information superhighway, customers require more stringent methods for securing data and accounts. The base HP-UX operating system provides standard UNIX[R] security mechanisms, but these do not meet all the needs of security-minded customers. There are many security technologies available commercially and in the public domain. HP customers sometimes wish to deploy one or more of these technologies on the HP-UX platform.

Security technologies use passwords to verify the user's identity and determine access rights to data and services. A user must enter a password and the password must be verified before access is granted. For example, basic HP-UX security requires that a password be entered for the user to gain access to the HP-UX machine. In addition to machine entitlement, passwords also may be used to verify the user's right to access protected services (e.g., mail systems) in the user's environment.

Security-minded customers see many benefits to deployment of enhanced security technologies--for example, protection against impostors and network eavesdroppers. However, placing additional security technologies on top of the HP-UX system can create a burden to the users of the system. When multiple security technologies are deployed (to monitor access to various protected services in the user environment), each technology requires password verification. Thus, a user may be forced to type in a password for the HP-UX system and then for each additional security technology. Furthermore, the use of multiple security technologies creates a complex task for users when passwords need to be changed in multiple places.

Customers need enhanced security, but they also want usable systems. Customers want to operate in a familiar environment, and do not want to learn many new commands for accomplishing basic tasks. When faced with a lengthy or complicated process, typical users may ultimately compromise the security of their systems by writing down passwords and procedures that might otherwise be forgotten. Customers will not accept a burdensome process for their users.

HP Integrated Login

The HP Integrated Login product has evolved to meet the customer needs discussed above. The original product for the HP-UX 9.x operating system was developed in response to DCE [dagger] customer requirements and was delivered primarily for use by HP's DCE customers. However, with the HP-UX 10.0 release, the HP Integrated Login product has been made extensible, so that it can serve the HP-UX community at large. The latest HP Integrated Login provides library interfaces that allow a generic set of security technologies to be integrated with HP-UX. The customer has maximum flexibility to choose and deploy appropriate technologies. Since DCE has an outstanding security technology, we expect that HP Integrated Login users will most often choose DCE for their security needs, but the HP Integrated Login product can support other technologies equally well.

The primary purpose of the HP Integrated Login product is to allow HP-UX users a convenient method for incorporating other security technologies into the standard HP-UX environment. Users should be able to use familiar HP-UX tools to accomplish familiar tasks. Thus, HP Integrated Login extensions have been added to several standard HP-UX 10.0 utilities.

The most important functionality delivered by HP Integrated Login is a single-step login: the user enters a password once at login time, and this password is used to grant access to the HP-UX machine as well as verify access among all the configured security technologies. The HP-UX 10.0 commands login and su have been enhanced to include single-step login capabilities. Also, the HP user desktop (HP VUE) has been integrated to support multiple security technologies. Login information is propagated throughout the entire VUE session and logins need not be repeated when new VUE windows are opened.

Password consistency is fundamental to most HP Integrated Login deployments. A user chooses one password, and this password is adopted across all security technologies. Thus, the user can supply the password once and the HP Integrated Login utilities transparently perform logins to each configured security technology on behalf of the user. The HP-UX 10.0 passwd command has been integrated to synchronize passwords for the user, so that a requested password change can be propagated to all configured security technologies. Likewise, user information commands chfn and chsh are provided to allow changes to finger and user shell information across security technologies. (Finger information includes the user's real name, location, and telephone number.)