https://community.hpe.com/t5/operating-system-hp-ux/trusted-system/m-p/2608186#M35480 hi,<BR /><BR /> There is *NO* performance overhead with Trusted systems.<BR /><BR /> I don't see any negatives from the system-side. The improved restrictions on number of bad logins, disabling of accounts, expiry of accounts, passwords etc<BR />are all security features and<BR />not negatives.<BR /><BR /> The only problem i faced with trusted system was not<BR />able to get it to work with a<BR />NIS+ setup. This was a year<BR />back. I am not sure whether<BR />the problem got resolved.<BR /><BR /> Other than that, i don't<BR />see any issues. We run trusted<BR />setup on all the boxes without<BR />any issues.<BR /><BR /> For applications, an account<BR />is an account whether it is<BR />a trusted one or not. <BR /><BR />HTH<BR />raj Tue, 06 Nov 2001 16:14:19 GMT Roger Baptiste 2001-11-06T16:14:19Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-system/m-p/2608183#M35477 <BR />Does anybody know what the overhead of implementing a trusted system is? Other than performance (any idea what the performance hit is?).<BR /><BR />Are there other issues such as not being able to recover when the root password is lost etc?<BR /><BR />I know what the advantages are, just need to be aware of the negatives.<BR /><BR />Thanks, Paul Tue, 06 Nov 2001 14:47:24 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-system/m-p/2608183#M35477 Paul McCleary 2001-11-06T14:47:24Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-system/m-p/2608184#M35478 Hi Paul,<BR /><BR />Just take a look at the history in the formum on this subject. <BR /><BR />the URL:<BR /><BR /><A href="http://europe-support2.external.hp.com/emse/bin/doc.pl/sid=cb06260500bf33dcdd?todo=search&amp;searchtext=trusted+system&amp;searchcriteria=allwords&amp;searchtype=SEARCH_FORUMS&amp;searchcategory=ALL&amp;rn=25&amp;presort=rank" target="_blank">http://europe-support2.external.hp.com/emse/bin/doc.pl/sid=cb06260500bf33dcdd?todo=search&amp;searchtext=trusted+system&amp;searchcriteria=allwords&amp;searchtype=SEARCH_FORUMS&amp;searchcategory=ALL&amp;rn=25&amp;presort=rank</A><BR /><BR />hope this will give you some ideas<BR /><BR />Gideon Tue, 06 Nov 2001 14:53:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-system/m-p/2608184#M35478 G. Vrijhoeven 2001-11-06T14:53:03Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-system/m-p/2608185#M35479 Really no performance hit that would be noticed.<BR /><BR />Root password can still be reset from single user mode unless you set up the option to require a password in single user mode. Only trusted mode gives you that option. if you choose that option, HP says it is wise to have a backdoor for getting root password back or converting to untrusted:<BR /><A href="http://us-support3.external.hp.com/cki/bin/doc.pl/sid=577630d41b9e076ca5/screen=ckiDisplayDocument?docId=200000048456189" target="_blank">http://us-support3.external.hp.com/cki/bin/doc.pl/sid=577630d41b9e076ca5/screen=ckiDisplayDocument?docId=200000048456189</A><BR /><BR />As far as other negatives:<BR />Not all applications work with Trusted mode. Some older applications are written poorly and have trouble with authentification as Trusted demands passwords of at least 6 characters.<BR />Also, users may have to choose new passwords whenever you convert to Trusted mode or convert back.<BR />You may find root's account disable on occasion as the default is 3 failed attempts. When that happens you need to login from the console as root to get in to clear it up again. We upped this to 5 on our systems so it doesn't happen as frequently.<BR />The key is to test your applications running in trusted mode to make sure everything still functions properly.<BR /> Tue, 06 Nov 2001 15:59:42 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-system/m-p/2608185#M35479 Bernie Vande Griend 2001-11-06T15:59:42Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-system/m-p/2608186#M35480 hi,<BR /><BR /> There is *NO* performance overhead with Trusted systems.<BR /><BR /> I don't see any negatives from the system-side. The improved restrictions on number of bad logins, disabling of accounts, expiry of accounts, passwords etc<BR />are all security features and<BR />not negatives.<BR /><BR /> The only problem i faced with trusted system was not<BR />able to get it to work with a<BR />NIS+ setup. This was a year<BR />back. I am not sure whether<BR />the problem got resolved.<BR /><BR /> Other than that, i don't<BR />see any issues. We run trusted<BR />setup on all the boxes without<BR />any issues.<BR /><BR /> For applications, an account<BR />is an account whether it is<BR />a trusted one or not. <BR /><BR />HTH<BR />raj Tue, 06 Nov 2001 16:14:19 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-system/m-p/2608186#M35480 Roger Baptiste 2001-11-06T16:14:19Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-system/m-p/2608187#M35481 Hi,<BR /><BR />Other than what has already been mentioned, you will find that *ALL* accounts will have their passwords expired upon making your system trusted. This can be a disadvantage if your user community is not prepared for it. If they are unaware you could have a mutiny on your hands.<BR /><BR />HTH<BR />-Michael Tue, 06 Nov 2001 22:05:26 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-system/m-p/2608187#M35481 Michael Tully 2001-11-06T22:05:26Z