topic Re: trusted in Operating System - HP-UX

trusted

himacs — Thu, 10 Sep 2009 18:22:11 GMT

HI admins,

Please tell me advantages of trusted servers..

Is shadow file exists in trusted?

regards
himacs

Re: trusted

James R. Ferguson — Thu, 10 Sep 2009 18:29:22 GMT

Hi:

First, trusted systems are deprecated with 11.31 and will disappear in a release thereafter.

Trusted systems are different than the 'shadow' password implementation and no '/etc/shadow' file exists on a trusted system. Instead there is a '/tcb' directory.

You can learn more here:

http://docs.hp.com/en/5992-6416/5992-6416.pdf

Regards!

...JRF...

Re: trusted

Hakki Aydin Ucar — Thu, 10 Sep 2009 18:51:56 GMT

As addition:

HP-UX Trusted Systems come standard with HP-UX. It is installed by default (the product is called SecurityMon), although the functionality is not enabled by default. We can convert to a Trusted System and revert back if we wish. It is fully integrated into SAM, and SAM is the preferred method of managing Trusted Systems because the file structure is a little tricky to begin with and if you get it wrong, it can potentially render the system unusable. Its advantages:
A free, bundled product with HP-UX.

Stores passwords in a protected password database.

Provides a flexible password aging mechanism.

Provides a greater control over users' password choices.

Time- and location-based access controls.

Single-user mode authentication.

Automatically disables accounts and terminals after repeated failed logins.

Flexible auditing whereby individual users can be audited down to the system call level.

And besides, Password Aging manipulation.

Re: trusted

R.K. # — Fri, 11 Sep 2009 00:57:02 GMT

Hi Himacs..

With NON-TRUSTED systems, all encrypted passwords are stored in the /etc/passwd file.

With TRUSTED system, all encrypted passwords are stored in files in the /tcb/files/auth directory structure.

Additional features in TRUSTED SYSTEMS:
-auditing
-password setup policies
-a more stringent password and authentication system
-terminal access control
-time-based access control

See the threads below that describe differences in detail:
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=638058
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1157625

Regds..

Re: trusted

Michael Steele_2 — Fri, 11 Sep 2009 01:35:55 GMT

Hi

Well, the 2nd and 3rd responses are advertisements. Although popular 5 to 10 years ago trusted systems have a high administration overhead that most scaled down data centers no longer can afford. It is good still in S1 government security levels, and was once the best alternative for S1 govt. security, but others have caught up and are as good, offer less labor (* especially when you lose the root password or lock the root account which everyone bitches about *) and is as good or better. SE Linux offered by red hat, is probably more popular now with the govt. than HP's trusted systems. And other add ons offered by HP provide as good as security over users, like sudo and ssh.

Re: trusted

Hakki Aydin Ucar — Mon, 14 Sep 2009 10:50:11 GMT

>Well, the 2nd and 3rd responses are advertisements.

it depends what asker needs exactly

>SE Linux offered by red hat, is probably more popular now with the govt. than HP's trusted systems

good knowledge to share, thanks , but sounds like a little bit out of topic.
As I said:

it depends.

Regards