Re: Disadvantages of Trusted Systems anymore ?
09-14-2009 03:27 AM
1-Incompatible with NIS
2-Incompatible with that need directly modify /etc/passwd
Is there any other issue that anybody experienced? Please let me know.
Regards.
09-14-2009 03:36 AM
Solution
In my mind, the biggest disadvantage is that Trusted Systems are deprecated in 11.31 and will not be supported in a subsequent release.
The '/etc/shadow' password implementation is more consistent with other UNIX/LINUX and is the foundation for a number of evolving security enhancements.
Regards!
...JRF...
09-14-2009 03:58 AM
09-14-2009 04:00 AM
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=StdModSecExt
Setting up new systems with Trusted Mode makes little sense now unless there is something very specific that only Trusted Mode can offer.
HTH
Duncan
I am an HPE Employee
09-14-2009 04:13 AM
http://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria
HP-UX Certifications against this are here:
http://h20338.www2.hp.com/hpux11i/cache/532758-0-0-0-121.html
HTH
Duncan
I am an HPE Employee
09-14-2009 04:16 AM
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword
HTH
Duncan
I am an HPE Employee
09-14-2009 01:28 PM
TCB is going away. Better prepare for it.
It is much better to use Shadow Passwords
(especially on HP-UX 11.31, which has a lot
of additional features).
One of the bad sides of TCB is that /tcb
directory structure is root-read only, and
there are numerous applications that cannot
get authenticated.
On the other hand, the biggest disadvantage
of Shadow Passwords on is that it does not
support passwords longer than eight
characters.
The new bundles for much longer Shadow
Password support on HP-UX 11.31 (up to 255
characters) are in testing now.
Some parts of HP-UX 11.31 0909 release
have already been made aware of longer
password support.
Cheers,
VK2COT
09-23-2009 05:30 PM
> unless there is something very specific that only Trusted Mode can offer.
Trusted mode does indeed offer very specific protection that is *NOT* available with Shadow passwords on 11.31 servers. Trusted Mode is the *ONLY* system that enforces password length, complexity, ageing, history, etc. policies for the root user account.
With Shadow passwords the password length, complexity, ageing, history policies specified in the /etc/default/security file do *NOT* apply to the root user account - they only apply when a non-root user changes a password. As a result the root user can bypass these policies when changing the password for itself *AND* for other users - the root user can even set passwords to null!!
Due to our security requirements we'll be sticking with Trusted Mode for the foreseeable future!!
Kathy
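A compensating check for the gap described in the post above, as an added example that is not part of the original thread: because root-set passwords are not checked against policy in shadow mode, the resulting entries can be audited afterwards for null passwords and missing ageing. The sample entries, the `audit_shadow` and `sample_shadow` names, the 90-day limit and the treatment of `*`/`!` as locked are assumptions; length, complexity and history cannot be checked from hashes.

```shell
#!/bin/sh
# Added example: audit shadow-format entries for what an unchecked,
# root-set password can leave behind (null password, no ageing).

# Constructed sample in the standard shadow layout:
# name:hash:lastchg:min:max:warn:inactive:expire:flag
sample_shadow() {
cat <<'EOF'
root:CONSTRUCTEDHASH1:14500:0:90:7:::
appuser::14500:0:90:7:::
batch:CONSTRUCTEDHASH2:14500::::::
locked:*:14500:0:90:7:::
dbadmin:CONSTRUCTEDHASH3:14500:0:99999:7:::
EOF
}

# audit_shadow MAXDAYS
# Reads shadow lines on stdin and prints one "user:FINDING" line per problem.
audit_shadow() {
    awk -F: -v limit="$1" '
        /^#/ || NF < 2          { next }                          # comments, junk
        $2 == ""                { print $1 ":NULL_PASSWORD"; next }
        $2 ~ /^[*!]/            { next }                          # assumed locked
        $5 == ""                { print $1 ":NO_MAX_AGE"; next }  # never expires
        ($5 + 0) > (limit + 0)  { print $1 ":MAX_AGE_OVER_LIMIT" }
    '
}

# Demonstration on the constructed sample with an assumed 90-day limit.
sample_shadow | audit_shadow 90
```

On a live system the same function would be run by root as `audit_shadow 90 < /etc/shadow`, with the limit set to the site's own ageing policy.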
09-30-2009 06:22 PM
For good reason. NIS is an archaic password system that broadcasts the passwords all over the network. It was probably useful in the days before the Internet but no auditor would allow NIS in a secure environment. NIS+ is a better choice but not many OS's can use it. LDAP is the more common method for multi-platform authentication.
> 2-Incompatible with that need directly modify /etc/passwd
Also a very good feature. No program should ever, ever be allowed to modify the passwd file that is not part of the OS.
> One of the bad sides of TCB is that /tcb
> directory structure is root-read only, and
> there are numerous applications that cannot
> get authenticated.
Actually, I consider /tcb being root-read only a very great benefit. The numerous applications are dinosaurs that were written before industry standard PAM interfaces became available, or worse, these are new programs written by programmers that need to go back to changing tapes.
Trusted is still a supported security method for all current versions of HP-UX and I'll be recommending it for 11.31 systems. Since 11.31 will be around for a few years, I'll be waiting for a replacement that actually improves on Trusted features.
Bill Hassell, sysadmin