Hewlett-Packard NetStorage 6000 Manual

Download Manual  of HP NetStorage 6000 Storage for Free or View it Online on All-Guides.com.

Brand: HP

Category: Storage

Type: Manual  for HP NetStorage 6000

Pages: 28 (0.13 Mb)

Download HP NetStorage 6000 Manual 

HP NetStorage 6000 Manual  - Page 1
1
HP NetStorage 6000 Manual  - Page 2
2
HP NetStorage 6000 Manual  - Page 3
3
HP NetStorage 6000 Manual  - Page 4
4
HP NetStorage 6000 Manual  - Page 5
5
HP NetStorage 6000 Manual  - Page 6
6
HP NetStorage 6000 Manual  - Page 7
7
HP NetStorage 6000 Manual  - Page 8
8
HP NetStorage 6000 Manual  - Page 9
9
HP NetStorage 6000 Manual  - Page 10
10
HP NetStorage 6000 Manual  - Page 11
11
HP NetStorage 6000 Manual  - Page 12
12
HP NetStorage 6000 Manual  - Page 13
13
HP NetStorage 6000 Manual  - Page 14
14
HP NetStorage 6000 Manual  - Page 15
15
HP NetStorage 6000 Manual  - Page 16
16
HP NetStorage 6000 Manual  - Page 17
17
HP NetStorage 6000 Manual  - Page 18
18
HP NetStorage 6000 Manual  - Page 19
19
HP NetStorage 6000 Manual  - Page 20
20
HP NetStorage 6000 Manual  - Page 21
21
HP NetStorage 6000 Manual  - Page 22
22
HP NetStorage 6000 Manual  - Page 23
23
HP NetStorage 6000 Manual  - Page 24
24
HP NetStorage 6000 Manual  - Page 25
25
HP NetStorage 6000 Manual  - Page 26
26
HP NetStorage 6000 Manual  - Page 27
27
HP NetStorage 6000 Manual  - Page 28
28
Copyright © 2000 Hewlett-Packard Company Page 14 of 28
All Rights Reserved
When a client attempts to logon to a server on a network (known as remote logon or network logon), the client is
given a 16-byte challenge (or "nonce"). If the client is a LAN Manager client, the client computed a 24-byte
challenge response by encrypting the 16-byte challenge with the 16-byte LAN Manager OWF password. This is
the algorithm used by LAN Manager. The LAN Manager client passes this "LAN Manager Challenge Response"
to the server. If the client is an Windows NT client, the client computed a LAN Manager Challenge Response,
just as above. In addition, the Windows NT client computes an "Windows NT Challenge Response" by using
the identical algorithm but using the 16-byte Windows NT OWF password instead of the LAN Manager OWF
password. The Windows NT client then passes both the LAN Manager Challenge Response and the Windows
NT Challenge Response to the server.
In either case, the server authenticates the user by passing this response to its Domain Controller which will either
process the request, or will pass the request onto another Domain that it has a trust relationship with, depending
on the Domain of the user account. The response includes the following information: the domain name, the user
name, the original challenge, the LAN Manager Challenge Response, and the optional Windows NT Challenge
Response. To authenticate the response, the Domain Controller queries the OWF passwords from SAM,
computes the appropriate Challenge Response using the OWF password from SAM and the passed in
Challenge, and then compares the computed challenge response to the one passed in. The Windows NT OWF
password will be used to authenticate wherever possible. In cases where the Windows NT OWF password is
missing from either the SAM or the response, then the LAN Manager password will be used instead. This allows
for backward compatibility.
3.3.4 Security Descriptors
Windows NT, in conjunction with the NT File System (NTFS), is designed to support restricted access to any
object (i.e. files or directories) on the File System. Every file and directory stored on the system contains a small
amount of administrative information (often referred to as metadata) which includes the security information
associated with the object. This information is known as the Security Descriptor, and contains the following main
attributes:
Owner SID The owner’s security ID.
Group SID The security ID of the primary group for the object (used only by POSIX).
Discretionary Access Control List (DACL) Specifies who has what access to an object
System Access Control List (SACL) Controls the auditing messages the system will generate.
System ACLs are controlled by the administrators.
This security mechanism protects the object from unauthorized access, regardless of whether the user attempts to
access the object on the local machine, or over the network from a client system.
The Discretionary Access Control List (DACL), is by far the most common form of access control list, and is often
abbreviated simply as the ACL of an object.
An Access Control List is made up of a header and zero or more access control entry (ACE) structures. These
entries specify access or auditing permissions to that object for one user or group. There are three ACE types:
two for Discretionary ACLs and one for System ACLs. The Discretionary ACEs are AccessAllowed and
AccessDenied. They explicitly grant or deny access to a user or group of users. SystemAudit is a System ACE