- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: /etc/default/security versus /var/adm/userdb
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2013 10:38 AM
тАО03-11-2013 10:38 AM
"security" is system wide while "userdb" will individually override "security". Can anyone give a good case for allowing the use of userdb, i.e., is it used for "roles"?
Thanks.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2013 09:12 AM
тАО03-12-2013 09:12 AM
Re: /etc/default/security versus /var/adm/userdb
You'd think, that with 20+ views, an answer would be forthcoming. Or is everyone just "cherry picking" Q&A postings?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-13-2013 05:09 AM
тАО03-13-2013 05:09 AM
SolutionExample 1:
You have an application that is being run on a particular user account. The application requires that the account must not be disabled, but nobody is supposed to directly login to that account. You have used sshd_config, PAM configuration and/or other means to prevent anybody from directly logging on as the application user.
There is a requirement that all users' passwords must expire in 90-day intervals. After implementing this system-wide using /etc/default/security, this requirement applies to the application user too. So now you have a time-bomb in your system: you must refresh the password on the application user account, even though you have blocked any possibility to actually login with that account. If you don't do this, the application stops working.
Solution: after a careful consideration and documentation of your precautions, use userdb to waive the 90-day password renewal requirement for the application user account only.
Example 2:
You have a standard policy that requires all users' passwords to expire in 90-day intervals, implemented in /etc/default/security.
Then the cranky old CIO says: "I don't want to deal with this. Make it so I don't have to."
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-13-2013 06:20 AM
тАО03-13-2013 06:20 AM
Re: /etc/default/security versus /var/adm/userdb
Thx. Just needed some outside confirmation. Unfortunately, management doesn't "trust" its own people; they need to see the answer coming from an impartial, external source to believe it.