Re: Converting untrusted system to trusted

Jonathan Caplette_1 · ‎01-23-2006

Hi guys,

I've got and HP-UX 11.00 system, it's Un-Trusted, and I would like to convert it into a Trusted system... I know that I use sam to do it, but I would like to know if I need a specific patch to do it?? And if I do it will it impact my system access for the user, I mean lock the account or anything like that??

Thanks

DCE · ‎01-23-2006

Jonathan,

If you have system patched to the latest patch bundle you should be good to go.

A couple of potential issues: The conversion only carries over the first eight charactors of the password - so some users may have login issues.

Also, keep a root window open when you do the conversion. Test roots login after the conversion, and if it needs to have it's password reset, you have a root window open to reset the password.

to unlock a users account after conversion

/usr/lbin/modprpw -k userID

to view a users account after conversion

/usr/lbin/getprpw userID

Geoff Wild · ‎01-23-2006

Have a read through:

http://docs.hp.com/en/B2355-90950/B2355-90950.pdf

Trusted System Security starts at page 789.

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.

Steven E. Protter · ‎01-23-2006

Shalom,

If the conversion happens, you are patched enough to do it.

I do recommend haveing the latest well tested patch on any 11.00 system. That's a quarterly update from some time in 2004 if I'm not mistaken.

Some users with expired passwords or who have not used their accounts for some time will become locked. There is a standard set of rules that this process uses to make your system more trustable.

I'm a big believer in trusted systems and try to do it whenever possible. There are NIS impacts to think about though.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

baiju_3 · ‎01-23-2006

Hi,

It won't lock any users .

You can do it on command line by

#/usr/lbin/tsconvert

Regards ..bl.

Good things Just Got better (Plz,not stolen from advertisement -:) )

Hoang Chi Cong_1 · ‎01-23-2006

Hi guy
See on the attachment and you will find what you want!

PS: You should assign point to everyone who takes time to help you.

"I have assigned points to 280 of 404 responses to my questions."

Thanks and best regard,
Hoang Chi Cong

Looking for a special chance.......

Muthukumar_5 · ‎01-23-2006

Refer this:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=638058

Use Bharat's document.

--
Muthu

Easy to suggest when don't know about the problem!

F Verschuren · ‎01-23-2006

/usr/lbin/modprpw -k userID
will actvate the user acount when there are 3 unsucesfull logins,
/usr/lbin/modprpw -v userID
will set you passwd age to 0, this is usefull if there are already passwd ages on your untrusted system this is visable if you have dots in your encripted passwd like so:

username:jkhfdskjfh.??.??:200:200

Kind regarts.

Jonathan Caplette_1 · ‎02-10-2006

I was patched enought and the conversion went very well!!

Thanks
Jonathan

Re: Converting untrusted system to trusted

Converting untrusted system to trusted