https://community.hpe.com/t5/operating-system-hp-ux/dual-password-authentication/m-p/5268909#M731710 The simplest method is to not allow root logins from any location except the console. Do this by setting up /etc/securetty:<BR /> <BR />echo "console" &gt; /etc/securetty<BR /> <BR />Now, to attain root login, you must first login as a normal user, then use su - root to login as root. Then restrict the users that are allowed to use su for root login by creating a special group in the /etc/gtorup file, making those selected users members of that group and setting the parameter: SU_ROOT_GROUP equal to that group name. The SU_ROOT_GROUP parameter is added to the file: /etc/default/security. See the man page for security. Sat, 08 Jan 2011 14:01:19 GMT Bill Hassell 2011-01-08T14:01:19Z https://community.hpe.com/t5/operating-system-hp-ux/dual-password-authentication/m-p/5268908#M731709 Is there any way to implement dual password authentication on root user. like first SA enter password and then Senior SA enter password then we get the root login?. I found this on AIX but dunno if there is such method in HP-UX Sat, 08 Jan 2011 08:39:58 GMT https://community.hpe.com/t5/operating-system-hp-ux/dual-password-authentication/m-p/5268908#M731709 Syed Nazer Abbas 2011-01-08T08:39:58Z https://community.hpe.com/t5/operating-system-hp-ux/dual-password-authentication/m-p/5268909#M731710 The simplest method is to not allow root logins from any location except the console. Do this by setting up /etc/securetty:<BR /> <BR />echo "console" &gt; /etc/securetty<BR /> <BR />Now, to attain root login, you must first login as a normal user, then use su - root to login as root. Then restrict the users that are allowed to use su for root login by creating a special group in the /etc/gtorup file, making those selected users members of that group and setting the parameter: SU_ROOT_GROUP equal to that group name. The SU_ROOT_GROUP parameter is added to the file: /etc/default/security. See the man page for security. Sat, 08 Jan 2011 14:01:19 GMT https://community.hpe.com/t5/operating-system-hp-ux/dual-password-authentication/m-p/5268909#M731710 Bill Hassell 2011-01-08T14:01:19Z https://community.hpe.com/t5/operating-system-hp-ux/dual-password-authentication/m-p/5268910#M731711 yes that can be implemented in such a way. But thats a work around of the problem. not exactly the solution of the problem Sun, 09 Jan 2011 04:17:56 GMT https://community.hpe.com/t5/operating-system-hp-ux/dual-password-authentication/m-p/5268910#M731711 Syed Nazer Abbas 2011-01-09T04:17:56Z https://community.hpe.com/t5/operating-system-hp-ux/dual-password-authentication/m-p/5268911#M731712 Hello Sayed !!<BR /><BR />I have seen this at certain client ends where they login on to the server through ssh<BR />i.e user accounts &amp; then use a third party<BR />authentication software like power broker for root access &amp; secure authentication.<BR /><BR />I hope sudo is not very safe and recommended <BR />by HP.<BR /><BR /><BR />not very sure if you are looking at some thing else. i don`t think native OS has this kind of mechanism.<BR /><BR />Thanks<BR /><BR />Manix<BR /> Sun, 09 Jan 2011 14:41:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/dual-password-authentication/m-p/5268911#M731712 Manix 2011-01-09T14:41:39Z https://community.hpe.com/t5/operating-system-hp-ux/dual-password-authentication/m-p/5268912#M731713 Hi sayed,<BR /><BR />there is no feature included in Native HP UX OS for dual authentication of administrator account.<BR /><BR />better to go with solution as described by bill and not suggested to use any third party.<BR /><BR /> Mon, 10 Jan 2011 05:39:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/dual-password-authentication/m-p/5268912#M731713 sarfaraj ahmad 2011-01-10T05:39:32Z https://community.hpe.com/t5/operating-system-hp-ux/dual-password-authentication/m-p/5268913#M731714 I found RBAC role based authentication on HP-UX. I think that may provide me the features by sudo. Hope one day hp could work on this to provide dual authentication on the ciritical accounts.<BR /><BR />However, appreciate all your replies and expert advices and help.<BR /><BR /> Mon, 10 Jan 2011 05:53:04 GMT https://community.hpe.com/t5/operating-system-hp-ux/dual-password-authentication/m-p/5268913#M731714 Syed Nazer Abbas 2011-01-10T05:53:04Z https://community.hpe.com/t5/operating-system-hp-ux/dual-password-authentication/m-p/5268914#M731715 closing the thread now Mon, 10 Jan 2011 05:54:29 GMT https://community.hpe.com/t5/operating-system-hp-ux/dual-password-authentication/m-p/5268914#M731715 Syed Nazer Abbas 2011-01-10T05:54:29Z