Operating System - HP-UX

Re: HP-UX 11.23 - Trusted Mode is not available ....

Kim Jeong Ki
New Member

HP-UX 11.23 - Trusted Mode is not available ....

Hi.

We normally applied Trusted Mode on our HP-UX 11.23 but password policy does not work properly.

For example,
1. A password that is the same as the userid was created.
2. Directory "/tcb/files/auth/system/pwhist" is not created.

Please give us your tips...
Thanks.
3 REPLIES
Doug O'Leary
Honored Contributor

Re: HP-UX 11.23 - Trusted Mode is not available ....

Hey;

The trusted mode has been deprecated in favor of the shadow method. Personally, I think that was a mistake; as the trusted mode seemed to offer more options and be more secure than is the shadow file. For some reason, HP neglected to ask me before doing that, however.

You can still convert to trusted in HPUX 11.23 and 11.31 although 11.31 gives bright glaring warnings about not doing so. /usr/lbin/tsconvert is the command you'll need or you can use sam.

pwconv is the command to move the passwords into the /etc/shadow file.

Hope that helps.


Doug O'Leary


------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
Bill Hassell
Honored Contributor

Re: HP-UX 11.23 - Trusted Mode is not available ....

Trusted mode is fully supported on 11.23 and 11.31. After 11.31, that feature will (probably) not be available. But that does not affect your 11.23 system.

>> We normally applied Trusted Mode on our HP-UX 11.23 but password policy does not work properly.
>> for example,
>> 1. Password that is same as userid was created .

Converting to Trusted does not turn on password restrictions automatically. Go into SAM and under:

   Auditing and Security -->> System Security Policies

select: [X] Use Restriction Rules

>> 2. Directory "/tcb/files/auth/system/pwhist" is not created.

The history directory in /tcb/auth/system is created when someone first changes a password.



Bill Hassell, sysadmin
Steven E. Protter
Exalted Contributor

Re: HP-UX 11.23 - Trusted Mode is not available ....

Shalom,

Trusted mode does not use /etc/shadow.

Shadow passwords, a different depot, uses /etc/shadow.

swlist -l product | grep -i shadow

Trusted mode is part of the base OS and is always there.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
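
A quick way to tell which of the password stores discussed in this thread a system is actually using, and whether the pwhist directory from the question exists yet. This is an added example, not part of any poster's reply; the function names are hypothetical, and it assumes that the /tcb/files/auth directory marks trusted mode and that converted accounts carry "*" (trusted) or "x" (shadow) in the passwd password field.

```shell
#!/bin/sh
# Added example (not from the thread): report which HP-UX password store a
# file tree uses. Pass a root directory to inspect a copied tree; "" means "/".

# Print "trusted", "shadow" or "standard".
pw_mode() {
    if [ -d "$1/tcb/files/auth" ]; then
        echo trusted    # assumption: the TCB database directory marks trusted mode
    elif [ -f "$1/etc/shadow" ]; then
        echo shadow     # assumption: pwconv has created the shadow file
    else
        echo standard
    fi
}

# Print "present" or "absent" for the history path quoted in the question.
pwhist_state() {
    if [ -e "$1/tcb/files/auth/system/pwhist" ]; then
        echo present
    else
        echo absent
    fi
}

# List accounts whose passwd password field is neither "*" (trusted) nor
# "x" (shadow), i.e. a hash or an empty password still stored in passwd.
passwd_resident() {
    awk -F: '$2 != "*" && $2 != "x" { print $1 }' "$1/etc/passwd"
}

# Constructed sample tree: one converted account, one hash left in passwd,
# and no password change made yet (so no pwhist directory).
demo() {
    t=${TMPDIR:-/tmp}/pwmode_demo.$$
    mkdir -p "$t/etc" "$t/tcb/files/auth/system" || return 1
    printf '%s\n' 'root:*:0:3::/:/sbin/sh' \
        'jdoe:AbCdEfGhIjKlM:101:20::/home/jdoe:/usr/bin/sh' > "$t/etc/passwd"
    echo "mode=$(pw_mode "$t") pwhist=$(pwhist_state "$t") in_passwd=$(passwd_resident "$t")"
    rm -rf "$t"
}

demo
```

On a live system, call the three functions with an empty argument (for example `pw_mode ""`) as root so that /tcb and /etc/passwd are readable.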