- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Disabling trusted mode - impact?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2013 01:34 AM
02-28-2013 01:34 AM
Disabling trusted mode - impact?
Hello,
We are planning for a centralized authentication for our HP-UX and Linux servers through LDAP using the OID (Oracle Internet Directory) integrated with our Microsoft Active Directory.
To enable this we need to convert our systems to untrusted mode as in trusted mode long usernames are not supported.
We are planning to centralize only the system/DB administrators and operators user-ids and the service accounts used for application installation will remail locally in the individual server.
Want to know if there will be any impact on the applications like Oracle Databases, Oracle Ebusiness suite, Oracle Apps servers etc. installed on these servers?
What will be the overall impact in converting a server from trusted mode to untrusted mode on a production environment?
Thanks,
Srividhya
- Tags:
- Oracle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2013 01:28 PM
02-28-2013 01:28 PM
Re: Disabling trusted mode - impact?
The biggest negative to disabling trusted mode is that your hashed passwords will now be visible in the /etc/passwd file for those accounts you are keeping local.
Since /etc/passwd must be readable by everyone that is a very bad idea. Someone could potentially grab the passwd file, take it home, and start running programs like John The Ripper or Crack or other things to try to discover passwords.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-01-2013 01:52 AM
03-01-2013 01:52 AM
Re: Disabling trusted mode - impact?
How about switching to shadow password mode? That would fix the weakness of having the local password hashes visible in /etc/passwd.
As far as I know, most Oracle products you mentioned would tend to have their own built-in authentication systems, instead of relying on system passwords. So the impact to applications from the trusted -> non-trusted (-> shadow?) transition should be minimal or non-existent.
Just remember that a transition from trusted to non-trusted mode will truncate the stored password hashes so that only the first 8 characters of the stored passwords are retained. So if the user has more than 8 characters in his/her password, there might be some issues. (Usually the non-trusted mode will simply ignore any characters after the 8th when checking a password, but there might be some special snowflake software that insists on exact match. )