1747987 Members
4626 Online
108756 Solutions
New Discussion юеВ

tcb and passwd

 
SOLVED
Go to solution
Keith Floyd
Advisor

tcb and passwd

Hi

Is it possible to run tcb - and gain from a hidden /tcb but at the same time allow users to have no passwd set ?? The aim here is to let the application (Oracle) secure the users

???

Any ideas ??

Thanks
Keith
6 REPLIES 6
Stefan Farrelly
Honored Contributor
Solution

Re: tcb and passwd


Yes, you can run a trusted system so the passwords are not visible in /etc/passwd and still have accounts with whatever type of password you want, or no password. But you will need to use SAM to set their security policy to allow no password, or use the modprpw command.
Im from Palmerston North, New Zealand, but somehow ended up in London...
CHRIS ANORUO
Honored Contributor

Re: tcb and passwd

Yes, you can setup the account with null password through SAM
When We Seek To Discover The Best In Others, We Somehow Bring Out The Best In Ourselves.
Keith Floyd
Advisor

Re: tcb and passwd

thanks so far

But I am missing the idiot guide on how to go about it - probably obvious but -it's not working

Keith
Keith Floyd
Advisor

Re: tcb and passwd

thanks so far

But I am missing the idiot guide on how to go about it - probably obvious but -it's not working

Keith
Tom Danzig
Honored Contributor

Re: tcb and passwd

Fire up SAM.
Go to Accounts for users and groups.
Go to users
Highlight the user name to modify.
Click Actions -> Modify Security Policies.
Click Password Format Policies.
Change Allow Null Password to Yes

Kofi ARTHIABAH
Honored Contributor

Re: tcb and passwd

Keith:

couple of questions - must the users have unix accounts? or can the frontend application (on their desktop) talk directly (eg. through sqlnet) to oracle. If that is the case then you do not need to create unix level accounts for them - or indeed, you could create unix level accounts but you would have to use the suggestions above - ie use SAM to allow null passwd policy.

Good luck
nothing wrong with me that a few lines of code cannot fix!