1748281 Members
3972 Online
108761 Solutions
New Discussion

Re: Simple SMSE Q&A

 
john guardian
Super Advisor

Simple SMSE Q&A

For Trusted Mode, having the /tcb tree is an obvious means of verification.

 

But what about SMSE. Is there "something" that is exclusive to SMSE (on an 11.31 machine that would definitively identify its status as "configured for SMSE?

 

For example, let's say that:

 

- /tcb does not exist

- /etc/shadow does

 

At this point, we know that we are (at least) operating in Std Mode (SM).

 

The existence of an attribute like "AUTH_MAXTRIES" in the /etc/default/security file, would "suggest" SMSE, but still NOT definitive.

 

What I'm looking for is a file/flag or ??? that would exist ONLY if the system were configured for SMSE. So does that rule out the dir /var/adm/userdb? Would the dir exist (regardless of whether it's empty or not) if the 11.31 system is just in SM, rather than SMSE? If not, how is it created (by userdbset?)?

 

Anyone?

 

Thx.

 

 

P.S. This thread has been moevd from HP-UX > System Administration  to Security. - Hp forum moderator

 

 

1 REPLY 1
john guardian
Super Advisor

Re: Simple SMSE Q&A

24 veiws and no one has a clue?