topic Re: secure password in Operating System - HP-UX

secure password

attilio_1 — Thu, 08 Jul 2004 06:53:37 GMT

Hi
I try to convert my server in a trusted host.
I have read that to held password in protected database in /tcb/files/auth I must
create /tcb directory and after use the command tsconvert. Is right ?
I have some questions:
after this all password are expired and is necessary enter new password with passwd or putprpwnam ?
if user are not able to login is necessary remove /tcb/files/auth/system/pw_id_map, ..gr_id_map, ..aid_id_map ?
I can use useradd or sam, as before, to add user?
there is something to change in nsswitch.conf ?
applications as oracle or web server oc4j, that has a user to run server, has some problem ?

thanks at all
Attilio

Re: secure password

Michael Tully — Thu, 08 Jul 2004 06:59:34 GMT

You dont create any directories, tsconvert does it for you.

# tsconvert

You can use SAM to set up policies, add users etc. There is no need to touch nsswitch.conf.

The worst part of trusted is that once yo turn it on, all user password expire. Some applications do not like it, but that's part of testing ....

Re: secure password

Michael Tully — Thu, 08 Jul 2004 07:20:42 GMT

To answer the remianing questions:

You can use SAM or useradd etc to still do user administration. It just gets treated in a slightly different manner. Most things get treated the same, just that when trusted is turned more functions are opened and used. What I always suggest with user accounts such as oracle, is that they are used as su accounts only, meaning they are not used as direct login accounts. That way they are managed well (you can see who is using them)

Re: secure password

attilio_1 — Thu, 08 Jul 2004 08:14:36 GMT

Hi
Thank you Michael

Bye
Attilio