topic Re: Duplicate audit IDs in Operating System - HP-UX

Duplicate audit IDs

Jeff_Traigle — Tue, 28 Feb 2006 10:29:00 GMT

Haven't managed to find references to this through various searches. What are the implications of having duplicate audit IDs for users in a Trusted system configuration? Anything beyond problems if auditing is actually enabled? I've seen this happen at a couple of places because tcb files for users get copied from one system to another. If the user accounts aren't all created on one system initially, not too difficult for duplicates in the tcb files to propogate everywhere. Not aware of any problems they ever experienced because of it since auditing wasn't enabled, but seems like not such a great practice.

Re: Duplicate audit IDs

Peter Godron — Tue, 28 Feb 2006 10:57:04 GMT

Jeff,
I believe the OS would not allow you to add a new user with a duplicate audit id.

So I would think HP would want to prevent this situation for the reasons you mentioned.
I tend to create scripts to create users on a new machine, rather than copying the files.
Running the script should give you the warnings/errors.

Re: Duplicate audit IDs

David Nixon — Wed, 08 Mar 2006 11:36:10 GMT

I don't use Auditing and for new trusted
records specify the same "placeholder" audit ID - with the audit flag set to 0.
This policy has not given me any problems.

I noted, when converting to trusted systems, that audit IDs were generated starting with 0 and then taking the next lowest unused value. This implies that for a given UID the audit ID mapping may vary amongst systems.