https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-vs-trusted-system/m-p/5134664#M451018 Hi All, <BR /><BR />Hopefully a quick question. We are enabling our HPUX servers to Trusted System. I just wanted to clerify if /etc/default/security is needed with Trusted System, Don't need it at all, or replaced by Trusted System? <BR /><BR />I basically want to know if it is needed after converting to Trusted System. <BR /><BR />Thanks a million<BR /> Wed, 08 Oct 2008 19:18:34 GMT Ray Allen_1 2008-10-08T19:18:34Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-vs-trusted-system/m-p/5134664#M451018 Hi All, <BR /><BR />Hopefully a quick question. We are enabling our HPUX servers to Trusted System. I just wanted to clerify if /etc/default/security is needed with Trusted System, Don't need it at all, or replaced by Trusted System? <BR /><BR />I basically want to know if it is needed after converting to Trusted System. <BR /><BR />Thanks a million<BR /> Wed, 08 Oct 2008 19:18:34 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-vs-trusted-system/m-p/5134664#M451018 Ray Allen_1 2008-10-08T19:18:34Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-vs-trusted-system/m-p/5134665#M451019 Yes, security file is used in trusted systems as well. <BR />See managing passwords in trusted mode - <A href="http://docs.hp.com/en/B2355-90950/ch08s10.html" target="_blank">http://docs.hp.com/en/B2355-90950/ch08s10.html</A><BR /><BR />regards,<BR />ivan Wed, 08 Oct 2008 19:26:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-vs-trusted-system/m-p/5134665#M451019 Ivan Krastev 2008-10-08T19:26:31Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-vs-trusted-system/m-p/5134666#M451020 Hi Ray,<BR /><BR />Have a look at the security manual, it describes for each option if it applies for trusted systems.<BR /><BR />11.23 example<BR /><A href="http://docs.hp.com/en/B3921-60631/security.4.html" target="_blank">http://docs.hp.com/en/B3921-60631/security.4.html</A><BR /><BR />Regards,<BR />Robert-Jan Wed, 08 Oct 2008 19:43:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-vs-trusted-system/m-p/5134666#M451020 Robert-Jan Goossens_1 2008-10-08T19:43:37Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-vs-trusted-system/m-p/5134667#M451021 Hi,<BR /><BR />There are many parameters you can set in security which cannot be set on trusted configurations. Like Password history depth,<BR />Number of logins allowed per user, How to behave when user home dir is missing, Password min upper/lower/special characters,<BR />ignorance of /etc/nologin file, etc.<BR /><BR />security file will be referred even after the system is converted to trusted. Thu, 09 Oct 2008 08:29:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-vs-trusted-system/m-p/5134667#M451021 Ganesan R 2008-10-09T08:29:52Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-vs-trusted-system/m-p/5134668#M451022 Thanks all. I appreciate your input. <BR /> Thu, 09 Oct 2008 12:27:48 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-vs-trusted-system/m-p/5134668#M451022 Ray Allen_1 2008-10-09T12:27:48Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-vs-trusted-system/m-p/5134669#M451023 Your Trusted system will use /etc/default/security if it exists, but it is not required. Instead, it provides extended security features that are very dependent on security patches. The man page for security on your system is the correct reference. If you use the online man page, you'll see options that may not work until you bring your patches up to date. The security file controls all 3 authentication environments: standard, Trusted and shadow password. But the man page will describe which options apply.<BR /> <BR />The security file has an two undocumented features:<BR /> <BR />1. The # sign acts as a comment character but unlike almost every UNIX style of comment handling, trailing # signs at the end of an option turn the entire line into a comment.<BR /> <BR />2. There are no diagnostics. So if you misspell an option or give it an invalid value, you'll not see the error in any log. The only way to see if an option works is to test it. Fri, 10 Oct 2008 01:13:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-vs-trusted-system/m-p/5134669#M451023 Bill Hassell 2008-10-10T01:13:35Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-vs-trusted-system/m-p/5134670#M451024 Points and advise well taken. <BR />Thanks. Tue, 21 Oct 2008 17:39:00 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-vs-trusted-system/m-p/5134670#M451024 Ray Allen_1 2008-10-21T17:39:00Z