HPE Community
Operating System - HP-UX
1829104 Members
3061 Online
109986 Solutions
New Discussion

Re: Converting untrusted system to trusted

 
SOLVED
Go to solution
Jonathan Caplette_1
Super Advisor

‎01-23-2006 06:18 AM

‎01-23-2006 06:18 AM

Converting untrusted system to trusted

Hi guys,

I've got and HP-UX 11.00 system, it's Un-Trusted, and I would like to convert it into a Trusted system... I know that I use sam to do it, but I would like to know if I need a specific patch to do it?? And if I do it will it impact my system access for the user, I mean lock the account or anything like that??

Thanks
0 Kudos
Reply
8 REPLIES 8
DCE
Honored Contributor

‎01-23-2006 06:27 AM

‎01-23-2006 06:27 AM

Solution

Re: Converting untrusted system to trusted


Jonathan,

If you have system patched to the latest patch bundle you should be good to go.

A couple of potential issues: The conversion only carries over the first eight charactors of the password - so some users may have login issues.

Also, keep a root window open when you do the conversion. Test roots login after the conversion, and if it needs to have it's password reset, you have a root window open to reset the password.

to unlock a users account after conversion

/usr/lbin/modprpw -k userID

to view a users account after conversion

/usr/lbin/getprpw userID

Reply
Geoff Wild
Honored Contributor

‎01-23-2006 06:34 AM

‎01-23-2006 06:34 AM

Re: Converting untrusted system to trusted

Have a read through:

http://docs.hp.com/en/B2355-90950/B2355-90950.pdf

Trusted System Security starts at page 789.

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Reply
Steven E. Protter
Exalted Contributor

‎01-23-2006 07:23 AM

‎01-23-2006 07:23 AM

Re: Converting untrusted system to trusted

Shalom,

If the conversion happens, you are patched enough to do it.

I do recommend haveing the latest well tested patch on any 11.00 system. That's a quarterly update from some time in 2004 if I'm not mistaken.

Some users with expired passwords or who have not used their accounts for some time will become locked. There is a standard set of rules that this process uses to make your system more trustable.

I'm a big believer in trusted systems and try to do it whenever possible. There are NIS impacts to think about though.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
baiju_3
Esteemed Contributor

‎01-23-2006 07:28 AM

‎01-23-2006 07:28 AM

Re: Converting untrusted system to trusted

Hi,

It won't lock any users .

You can do it on command line by

#/usr/lbin/tsconvert

Regards ..bl.
Good things Just Got better (Plz,not stolen from advertisement -:) )
Reply
Hoang Chi Cong_1
Honored Contributor

‎01-23-2006 12:31 PM

‎01-23-2006 12:31 PM

Re: Converting untrusted system to trusted

Hi guy
See on the attachment and you will find what you want!

PS: You should assign point to everyone who takes time to help you.

"I have assigned points to 280 of 404 responses to my questions."

Thanks and best regard,
Hoang Chi Cong
Looking for a special chance.......
Reply
Muthukumar_5
Honored Contributor

‎01-23-2006 04:30 PM

‎01-23-2006 04:30 PM

Re: Converting untrusted system to trusted

Refer this:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=638058

Use Bharat's document.

--
Muthu
Easy to suggest when don't know about the problem!
Reply
F Verschuren
Esteemed Contributor

‎01-23-2006 08:38 PM

‎01-23-2006 08:38 PM

Re: Converting untrusted system to trusted

/usr/lbin/modprpw -k userID
will actvate the user acount when there are 3 unsucesfull logins,
/usr/lbin/modprpw -v userID
will set you passwd age to 0, this is usefull if there are already passwd ages on your untrusted system this is visable if you have dots in your encripted passwd like so:

username:jkhfdskjfh.??.??:200:200


Kind regarts.
Reply
Jonathan Caplette_1
Super Advisor

‎02-10-2006 06:14 AM

‎02-10-2006 06:14 AM

Re: Converting untrusted system to trusted

I was patched enought and the conversion went very well!!

Thanks
Jonathan
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.