https://community.hpe.com/t5/operating-system-hp-ux/shadow-vs-trusted/m-p/2499943#M760347 trusted and C2 aren't the same thing. Just because it's trusted, doesn't mean you mean you meet the governments C2 certification criteria. <BR /><BR />In HP'ese, if you are Trusted and you employ all of the safeguards required by the government, the you're C2. Many of the requirements have to do with auditing and the like (things you get by being trusted, but not necessarily things you have to use when you are trusted). If your not DOD or DOE, you shouldn't have to worry about C2.<BR /><BR />Given that, Trusted and Shadow are fairly similar. It's certainly possible to keep password sync'd between trusted/non-trusted system; it just might be a little harder. Just as there are password extraction capabilities for non-trusted systems, there are similar capabilities for trusted systems:<BR />see <BR />man getprpwent<BR />vs<BR />man getpwent<BR /><BR />You can use these capabilites to keep things in sync.<BR /><BR />Usually if a vendor doesn't run on a trusted system, it's because they haven't taken the 10 minutes required to conditionally reference the trusted system library calls and link to a library :-(.<BR /><BR /> Fri, 02 Mar 2001 14:07:20 GMT Christopher Caldwell 2001-03-02T14:07:20Z https://community.hpe.com/t5/operating-system-hp-ux/shadow-vs-trusted/m-p/2499939#M760343 hi all,<BR /><BR />i have a system that i have to protect the passwd file, but dont want to trust. is there a way to implement some sort of shadow passwd file on a regular unix system without having to convert to a trusted system<BR /><BR />thx in advance<BR /> Thu, 01 Mar 2001 15:55:24 GMT https://community.hpe.com/t5/operating-system-hp-ux/shadow-vs-trusted/m-p/2499939#M760343 David Bellamy 2001-03-01T15:55:24Z https://community.hpe.com/t5/operating-system-hp-ux/shadow-vs-trusted/m-p/2499940#M760344 There is no shadow password file on HP-UX. It is available on sun solaris though. Other than converting your system to trusted, there is not a way I know of the protect the password file from prying eyes. Thu, 01 Mar 2001 15:59:56 GMT https://community.hpe.com/t5/operating-system-hp-ux/shadow-vs-trusted/m-p/2499940#M760344 Patrick Wallek 2001-03-01T15:59:56Z https://community.hpe.com/t5/operating-system-hp-ux/shadow-vs-trusted/m-p/2499941#M760345 Why not trust the system?<BR /><BR />Do you use NIS? (this is the only reason I can think of for avoiding a trusted system) Thu, 01 Mar 2001 18:09:41 GMT https://community.hpe.com/t5/operating-system-hp-ux/shadow-vs-trusted/m-p/2499941#M760345 Duncan Edmonstone 2001-03-01T18:09:41Z https://community.hpe.com/t5/operating-system-hp-ux/shadow-vs-trusted/m-p/2499942#M760346 thx for the responses,<BR />the reason we didnt want to implement a trusted system had to do with passwd syncing, etc for a serviceguard environment, also its sister node in that environment runs peoplesoft, which is not C2 certified<BR /> Thu, 01 Mar 2001 19:27:56 GMT https://community.hpe.com/t5/operating-system-hp-ux/shadow-vs-trusted/m-p/2499942#M760346 David Bellamy 2001-03-01T19:27:56Z https://community.hpe.com/t5/operating-system-hp-ux/shadow-vs-trusted/m-p/2499943#M760347 trusted and C2 aren't the same thing. Just because it's trusted, doesn't mean you mean you meet the governments C2 certification criteria. <BR /><BR />In HP'ese, if you are Trusted and you employ all of the safeguards required by the government, the you're C2. Many of the requirements have to do with auditing and the like (things you get by being trusted, but not necessarily things you have to use when you are trusted). If your not DOD or DOE, you shouldn't have to worry about C2.<BR /><BR />Given that, Trusted and Shadow are fairly similar. It's certainly possible to keep password sync'd between trusted/non-trusted system; it just might be a little harder. Just as there are password extraction capabilities for non-trusted systems, there are similar capabilities for trusted systems:<BR />see <BR />man getprpwent<BR />vs<BR />man getpwent<BR /><BR />You can use these capabilites to keep things in sync.<BR /><BR />Usually if a vendor doesn't run on a trusted system, it's because they haven't taken the 10 minutes required to conditionally reference the trusted system library calls and link to a library :-(.<BR /><BR /> Fri, 02 Mar 2001 14:07:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/shadow-vs-trusted/m-p/2499943#M760347 Christopher Caldwell 2001-03-02T14:07:20Z