Simpler Navigation coming for Servers and Operating Systems
Coming soon: a much simpler Servers and Operating Systems section of the Community. We will combine many of the older boards, and you won't have to click through so many levels to get at the information you need. If you are looking for an older board and do not find it, check the consolidated boards, as the posts are still there.
Security
cancel
Showing results for 
Search instead for 
Did you mean: 

Difference between security files of trusted systems.

Highlighted
OScar123
Advisor

Difference between security files of trusted systems.

Query 1:

Guys, In 11.31 what is the difference between these security files

 

/tcb/files/auth/system/default  and /etc/default/security.

 

Which one to modify for setting user default password policies.

 

Query2:

And I understand that these files are used for global setting and userdb is for per user basis, but then why am i getting this error on my trusted system.

 

server1:/#userdbget xyz
userdbget: not allowed on a Trusted System


 

 

 

3 REPLIES
Dennis Handly
Acclaimed Contributor

Re: Difference between security files of trusted systems.

>userdbget: not allowed on a Trusted System

 

I don't see anything specific about userdbget(1m) and limitations.  But I guess it must only work for shadow database and not trusted.

Bill Hassell
Honored Contributor

Re: Difference between security files of trusted systems.

The Trusted system database (actually, files and directories are all within /tcb. Some global settings for Trusted are in the /tcb/files/auth/system directory and some are defined in the /etc/default/security file. Individual login settings are part of the user's login file in /tcb/files/auth/[A-Za-z] directories.

 

userdbget has nothing to do with Trusted systems. But to make things complicated, the 2 security environments do use the same /etc/default/security file.



Bill Hassell, sysadmin
OScar123
Advisor

Re: Difference between security files of trusted systems.

I found one link on net which say that /tcb/files/auth/system is used only by trusted system and /etc/default/security can be used in trusted as well as non trusted systems. 

 

 

 

Is it right..

 

If it is right then suppose if i set a different password expiry value in /tcb/files/auth/system as well as /etc/default/security then which one  will be effective??