topic Re: shadow passwd file on a NON-trusted machine. in Operating System - HP-UX

shadow passwd file on a NON-trusted machine.

B. Chapman — Tue, 19 Dec 2000 16:03:44 GMT

Is it possible to implement a shadow passwd file WITHOUT converting to a trusted system?

Thanks in advace...
Ben Chapman
bchapman@telcordia.com

Re: shadow passwd file on a NON-trusted machine.

Senta Buck — Tue, 19 Dec 2000 16:08:06 GMT

Yes it is.

Re: shadow passwd file on a NON-trusted machine.

Senta Buck — Tue, 19 Dec 2000 16:10:08 GMT

Do you know how to create?
Otherwise:
senta@senta.ch

Re: shadow passwd file on a NON-trusted machine.

CHRIS_ANORUO — Tue, 19 Dec 2000 16:15:58 GMT

It is better to convert to TS to have all the seurity works.

Re: shadow passwd file on a NON-trusted machine.

Dan Hetzel — Tue, 19 Dec 2000 16:19:16 GMT

Hi Senta Buck,

As I've been believing until now that this wasn't possible on HP-UX,
I'd really like to learn how you managed to convert your passwd file without converting to trusted system.

Could you please explain ?

Thanks,

Dan

Re: shadow passwd file on a NON-trusted machine.

Victor BERRIDGE — Tue, 19 Dec 2000 17:07:38 GMT

Hi Dan,
Well done! when did you change hat? (Ive missed something?)

About this question, except creating /.secure/etc/passwd but Ive not tested this under HPUX10 or 11, there is always pwconv, but the result is very similar (if not the same) to a trusted system...
I agree with you I would like to know a bit more, and in fact am quite surprised by such an answer: yes I know, if you dont know how then heres my email...
I find it in contradiction with the spirit of such a forum, you are here because you wish to learn, or share your knowledge in an open way, accept to answer when asked... with every one...

Re: shadow passwd file on a NON-trusted machine.

Patrick Wallek — Thu, 21 Dec 2000 02:31:06 GMT

I am surprised by the answer as well. I have always been under the impression that in order to have a shadow password file you had to be on a trusted system.

I, too, would be very interested in knowing how to do it. Especially if it is a way that is supported by HP.

Re: shadow passwd file on a NON-trusted machine.

Bill Hassell — Thu, 21 Dec 2000 02:58:32 GMT

The login/passwd commands as wellas many library routines would all have to be modified in order to find the hidden password file. The standard commands do not have any knowledge of the shadow password file...thus it will not be used. A strings search of /usr/bin/login shows no references to the /.secure location.

Re: shadow passwd file on a NON-trusted machine.

Senta Buck — Thu, 21 Dec 2000 09:06:26 GMT

Dear Dan, Dear Victor
I read this question and I didn't know the answer. But I really want to know the answer.

So I ask some of the guys who sit arround me.
(all guys with more than 5 year unix experience)
And they say "yes it is." I don't now until today how I can do "this" without converting to a trusted system. But as they say "it is possible" I belive in their knowledge.

To find out by myself I take one of our testsystems and... I try to find out, without their help.
If I can't get a result, I will ask them how they "fix this".

And the result... of course I will poste in this forum, not by email.

Thanks

Re: shadow passwd file on a NON-trusted machine.

Senta Buck — Thu, 21 Dec 2000 09:32:18 GMT

Finally it was my fault to "just" trust in their answer(whitout testing by myself).
But this is all.

Re: shadow passwd file on a NON-trusted machine.

B. Chapman — Thu, 21 Dec 2000 14:23:21 GMT

Senta,

Thanks for at least trying! I appreciate the help. For now, I'm just going to convert one of my test systems to a TS - which is kind of a segue to another question: Does anyone run Oracle 7.x, 8.x, or 8i on a TS? Are there any licensing dilemnas? SQL*Net dilemnas? I really should be posting this type of question on an Oracle forum - but since I'm here right now! ;-)

Thanks again Senta-
Ben.
bchapman@telcordia.com

Re: shadow passwd file on a NON-trusted machine.

Dan Hetzel — Thu, 21 Dec 2000 15:01:26 GMT

Senta,

That's OK. You've definitely been misinformed.

Victor,

You're right, it's a brand new hat. Just before the turn of the century, by chance.

Running 'pwconv' will tell you that your system isn't a trusted host and will ask you if you want to convert it to.
Back to square one...

Ben,

I'm afraid that you'll have to convert to trusted host if you want to have the password shadowing. You can turn all the auditing off anyway. It doesn't make much difference, apart from the password restrictions.

Best regards and merry Christmas to all

Dan

Re: shadow passwd file on a NON-trusted machine.

Victor BERRIDGE — Thu, 21 Dec 2000 15:36:15 GMT

I run oracle on trusted systems, no there is no licensing dilemna that I know of...
Good luck

Re: shadow passwd file on a NON-trusted machine.

Victor BERRIDGE — Thu, 21 Dec 2000 16:03:14 GMT

Dear Senta,
Thanks for keeping in touch, you made us revise, my apologies if I offenced you...
Did us some good to wonder if our certitudes were still up to date...
Best wishes

Victor