
Re: Before executing tsconvert ....

 
mvr
Regular Advisor

Before executing tsconvert ....

Could anybody tell me what is the best way to create a trusted server (HP-11)? I understand that user passwords will be reset. How do I change them? Do I need to do it manually for each user, or do users have to do it for themselves? When do I need to change the root password?
Any help is greatly appreciated.
Christopher McCray_1
Honored Contributor

Re: Before executing tsconvert ....

Hello,

Using sam usually involves fewer headaches. After the convert, just go into the Accounts for Users and Groups -> Users and after selecting a user go to Actions, Reset Users Password. This will give you a "first time" password consisting of a simple character string, which you will copy down and give to the user. They will log in and immediately have to change their own passwd. As for root, you will need to change the passwd before it expires; you may want to create a "copy" of the root account to be safe in the case of lockout. You will also want to review the Modify Account Security Policies under Actions for each user and modify accordingly.

Hope this helps

Chris
It wasn't me!!!!
Bill Hassell
Honored Contributor
Solution

Re: Before executing tsconvert ....

tsconvert is 'unsupported' for converting a system. However, this is exactly how SAM performs the task so other than there are no man pages, tsconvert -c is a lot faster than using SAM.

Now the passwords are not reset, just expired. That means that each user can login but is asked to immediately change their password. So if you run modprpw -V, you can avoid this problem (note: /usr/lbin)

/usr/lbin/tsconvert -c
/usr/lbin/modprpw -V

Then all passwords are back to normal. Converting back to unTrusted is even easier:

/usr/lbin/tsconvert -r

NOTE: Before converting, run pwck and fix all problems (except for missing $HOME directories). Also, an unTrusted system ignores all characters typed past 8 for passwords, but Trusted treats every character as part of the password. When converting, only the first 8 characters are retained, so if you type in 9 characters, while it worked on unTrusted, it will fail on a Trusted system.


Bill Hassell, sysadmin
mvr
Regular Advisor

Re: Before executing tsconvert ....

Great .... I'm not sure what will exactly happen to the passwords after executing modprpw -V. Are the passwords still expired and users have to change them on next login, or will passwords get back to normal?

Miro
Pete Randall
Outstanding Contributor

Re: Before executing tsconvert ....

From man modprpw:

"This option is specified WITHOUT a user name to
"validate/refresh" all user's passwords. It goes through the
protected password database and sets the successful change time
to the current time for all users. The result is that all user's password aging restarts at the current time."


HTH,
Pete
