- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: HPUX 11.11 password shadow and Informix
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-12-2004 11:24 PM
тАО05-12-2004 11:24 PM
Informix says that the only thing that they do is perform a getspent() which should allow the authentication to the users but it does not seem happen.
Does anyone have any ideas?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-13-2004 12:00 AM
тАО05-13-2004 12:00 AM
Re: HPUX 11.11 password shadow and Informix
You could check this link:
http://www.usenix.org/publications/login/1999-10/letters.html
Regards,
Gideon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-13-2004 01:39 AM
тАО05-13-2004 01:39 AM
Re: HPUX 11.11 password shadow and Informix
The shadow password package now removes visibility to the encrypted password to all users, in order to stop people running crack programs which guess passwords, encrypt each guess using the library encryption function and compare the encrypted guess against what is is the passwd file.
I suspect that this is what informix does, too, using your entered password and either getpsent() or getpwent().
Although the engine is suid root, the tools are not and I suspect that this may have something to do with the problem.
What we need to know is:
Does the HP shadowed password return anything in the password field for getpwent()? I suspect that it does not and should not, because it would defeat the object of /etc/shadow, but what if the user is effectively root?
Secondly, does informix do what I think it does, comparing the encrypted user input with the entry returned by getpwent().
What is the effective user id when informix does its authentication?
Does informix now support PAM?
How does it all work anyway?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-13-2004 01:48 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-13-2004 01:50 AM
тАО05-13-2004 01:50 AM
Re: HPUX 11.11 password shadow and Informix
Under C2, the call to get the password entry changes from getpwent to getprpwent - and it usually breaks a lot of client/server applications.
I can't for the life of me remember if the shadow password bundle itself uses a /etc/shadow passowrd file or whether it uses /tcb/files/auth. If it uses /etc/shadow, the getspent won't work:
The secured password facility is implemented without the use of the /etc/shadow file. getspent(), getspnam(), setspent(), and endspent() read from the trusted system's protected password database (/tcb/files/auth/*/*) and not /etc/shadow. The file /etc/shadow is not used in any way by the HP-UX login facility.
Also bear in mind that the shadow password depot is NOT compatible with NIS or LDAP (at least not when I last looked at it).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-14-2004 11:02 PM
тАО05-14-2004 11:02 PM
Re: HPUX 11.11 password shadow and Informix
Sorry for the slow response, I was in Veritas Cluster 4 training and still having to work so my plate was quite full.
In our environment, we are only running the depot version because Trusted hosts is not allowed. I talked with the Informix DBA and they are going to try to schedule a meeting with myself and the Informix Tech because I don't think the Informix products that we are using have PAM support and that Informix will have to actually fix the problem from their end.
I am going to perfom some additional test this weekend and will keep you posted. I will assign points next week.
If you have any other suggestions or insights in the meantime please feel free to add them to the thread.
Thanks
Grady
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-16-2004 09:31 PM
тАО05-16-2004 09:31 PM
Re: HPUX 11.11 password shadow and Informix
What errors are reported in the online.log?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2004 10:51 PM
тАО06-08-2004 10:51 PM
Re: HPUX 11.11 password shadow and Informix
She tried it with the most recent version of Informix. The version escapes me now so I won't worry about it.
I want to thank you guys for your responses and since this seems like it will not be solved in the short time, I will go ahead and send out some points for the good leads.
Grady