Security
Showing results for 
Search instead for 
Do you mean 

11iv3 Trusted Mode Deprecation: Quick Q&A concerning the ability...

Highlighted
Super Advisor

11iv3 Trusted Mode Deprecation: Quick Q&A concerning the ability...

I remember reading "somewhere" that HP was going to disable the ability to convert to Trusted Mode. I believe it had to do w/a cutoff date when new distros of 11.31 would no longer include that capability.

 

Can anyone confirm this, please?

 

Thanks.

4 REPLIES
Honored Contributor Honored Contributor

Re: 11iv3 Trusted Mode Deprecation: Quick Q&A concerning the ability...

I have been looking for documentation that states what you mention.  I have not been able to find anything yet.

 

I did just find this in the getprpw and modprpw man pages:

 

HP-UX 11i Version 3 is the last release to support trusted systems functionality.

Frequent Advisor

Re: 11iv3 Trusted Mode Deprecation: Quick Q&A concerning the ability...

I was given to understand that trusted mode had been integrated into 11i v3 and thus was no longer needed. However, there is still a /usr/lbin/tsconvert command. (I haven't tried it since I don't know what it will do to the server at 11.31.)

Acclaimed Contributor Acclaimed Contributor

Re: 11.31 Trusted Mode Deprecation: Quick Q&A concerning the ability...

>I was given to understand that trusted mode had been integrated into 11.31.

 

That's SMSE, Standard Mode Security Extensions.

Valued Contributor

Re: 11.31 Trusted Mode Deprecation: Quick Q&A concerning the ability...

> I remember reading "somewhere" that HP was going to disable the ability to convert to Trusted Mode. I believe it had to do w/a cutoff date when new distros of 11.31 would no longer include that capability.

It's been deprecated in 11i v3 (which means that it won't be available in 11i v4) but given that 11i v3 will be supported until 31-Dec-2022 (see attached support matrix) it'll be around - and supported - for a while yet.

 

> I have been looking for documentation that states what you mention.  I have not been able to find anything yet.

It's mentioned in the 'HP-UX System Administrator's Guide - Security Management' (see attached admin guide extract) although the word 'deprecated' has been missplled as 'depreciated'.

 

> I was given to understand that trusted mode had been integrated into 11i v3 and thus was no longer needed.

>> That's SMSE, Standard Mode Security Extensions.

That's not entirely correct - SMSE does not enable the same password security policies for the super-user (ie, root) account as Trusted Mode did.  To implement the stricter security policies that were previously only available on trusted mode systems you also need to install and enable 'Restricted Root' (see attached release notes extract).