- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Changing Untrusted system to Trusted System
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-10-2011 11:16 PM
тАО04-10-2011 11:16 PM
I have server running on HP-UX 11.23 .Can anybody tell how to change Untrusted system to Trusted System.If i am changing system to trusted system, application will get affect or no???...
Regards,
PVM.
Solved! Go to Solution.
- Tags:
- trusted mode
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-11-2011 01:39 AM
тАО04-11-2011 01:39 AM
Re: Changing Untrusted system to Trusted System
Use the command /usr/lbin/tscovert to convert to a trusted system although it is always advisable to use SAM for conversion to a trusted system. This would create a /tcb structure and would harden your system in terms of user accounts. If you have the Trusted migration product you can also make use of the SMSE database.
On SAM on auditing and security you should see the option to "convert" to a trusted system. On a modern 11.31 operating system this type of conversion is pretty much an outdated form of hardening your system in terms of the user account aspect.
Regards
Ismail Azad
- Tags:
- SMSE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-11-2011 01:45 AM
тАО04-11-2011 01:45 AM
SolutionStart SAM, select "Auditing and Security" -> "System Security Policies".
SAM should automatically show you a prompt: "The system is not in trusted mode. Before applying security policies, the system must be converted to trusted mode...
Do you want to convert the system to trusted mode? (Yes/No)"
If you answer Yes, SAM will automatically convert the system to Trusted System mode.
If your application does not use HP-UX system passwords or any other authentication information, it will not be affected at all.
If the application uses PAM libraries to perform authentication, it will most likely not be affected at all.
But if the application expects to read password hashes from /etc/passwd (either by reading the file directly, or by using getpwent()/getpwuid()/getpwnam() system calls) and cannot support the getprpwent()/getprpwuid()/getprpwnam() system calls specific to Trusted System mode, the authentication functions of the application will fail.
In untrusted mode, a HP-UX system only stores the first 8 characters of each password: the rest are ignored. In trusted mode, the system can support longer passwords, so the characters after the 8th will no longer be ignored.
If your users are currently using a password that is longer than 8 characters, that password will not be accepted after the conversion to Trusted System mode is complete. The workaround for the users is to log in typing only the first 8 characters of their passwords, then use the "passwd" command to change the password (entering only the first 8 characters to the "old password" prompt and normally to the rest of the prompts). After the password has been changed once, all passwords (even ones longer than 8 characters) should again work as expected.
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-11-2011 03:49 AM
тАО04-11-2011 03:49 AM
Re: Changing Untrusted system to Trusted System
I want to lock the user, when he tries to login multiple times(wrong username and passwd).Is there any way.I have HP-UX 11.23.
System is running in untrusted mode.
Regards
PVM.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-11-2011 02:32 PM
тАО04-11-2011 02:32 PM
Re: Changing Untrusted system to Trusted System
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-22-2011 11:07 AM
тАО04-22-2011 11:07 AM
Re: Changing Untrusted system to Trusted System
I know this also can track failed logins and lockout accounts after a pre-defined number - just like what Trusted Mode can do.
Using this would mean you wouldn't have to change into trusted mode.
I haven't used SMSE on 11iv2 (but I know you can use it), but on 11iv3 it works well...
It requires the use of /etc/shadow...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-22-2011 12:53 PM
тАО04-22-2011 12:53 PM
Re: Changing Untrusted system to Trusted System
Be advised that 11.31 (11iv3) is the last release to support a Trusted System. See the manpages for 'getprpw (1M)'.
Regards!
...JRF...