Operating System - HP-UX
1748181 Members
3967 Online
108759 Solutions
New Discussion юеВ

How to convert back to Untrusted mode?

 
Michael R Louw
Occasional Contributor

How to convert back to Untrusted mode?

Dear Gurus,

I am faced with a big problem. As part of testing security weakness, I converted our testing environment to trusted mode. After converting, all applications work perfectly apart from logging or su to root account. I found that its caused by the max password length set to 8 characters but root password and other accounts with password length more then 8 char cannot log on. So in short my system is in trusted mode and the root account is locked/disable. How do I convert back? Any procedures would be appreciated.

HPUX:11.11

Thank you in advance.
Michael
9 REPLIES 9
Johnson Punniyalingam
Honored Contributor

Re: How to convert back to Untrusted mode?

Hence your root account has been locked, you can enable back the root account using su ?


# /usr/lbin/modprpw -k root


this is done in SAM:

->Auditing and Security
->Audited Users
Actions -> Unconvert the System

This will move the passwords back to /etc/passwd and removes the /tcb directory structure.
Problems are common to all, but attitude makes the difference
Patrick Wallek
Honored Contributor

Re: How to convert back to Untrusted mode?

The other thing to try is to ONLY enter the first 8 characters of the password for those accounts that have longer passwords.
Md. Farhan A Azam
Trusted Contributor

Re: How to convert back to Untrusted mode?

Hi Michael R Louw,

i too faced the same problem earlier and used same solution as mentioned by Patric.

After login in the server, you can use Johnsn suggestion if you are going to convert through SAM or use below
comand to convert system in untrusted mode.

#/usr/lbin/tsconvert -r


thnx...farhan
Tim Nelson
Honored Contributor

Re: How to convert back to Untrusted mode?

If you are still logged in as root( if you do not, I am not sure how you are going to do the other options suggessted),

you can clear out the password by modifiying /tcb/files/auth/r/root
:u_pwd=:\
Michael R Louw
Occasional Contributor

Re: How to convert back to Untrusted mode?

Dear Gurus thank for the quick responds and suggestions

@Tim Nelson: Remember the root account is lock and I have no superuser privileges to modify /tcb/files/auth/r/root => "Access Denied"

@MD Farhan A Azam: Root account is locked I dont have superuser priviledges to execute the command /usr/lbin/modprw -k root.

@Partick Waller: I tried the first 8 characters but still no luck

The big problem here is how to I unlock the root account which I need to revert back to untrusted mode.

Thank you in advance.
Michael
Johnson Punniyalingam
Honored Contributor

Re: How to convert back to Untrusted mode?

>>>>>The big problem here is how to I unlock the root account which I need to revert back to untrusted mode.

Thank you in advance.<<<<<<<<<<<

1) Stop all your application & database

2) can you perform "Grace full reboot" by using other root privilege account ? reboot server in Single User mode



3) # shutdown -ry 0

Hit any key to interrupt boot process
At Main menu, boot up from BC root disk:

Main Menu > bo pri

Interact with IPL (Y or N)?> y

ISL>hpux -is

# mount -a
# /usr/lbin/modprpw -k root

Follow above steps to convert back to untrusted system which has been posted on earlier post
Problems are common to all, but attitude makes the difference
Ishwar_1
Frequent Advisor

Re: How to convert back to Untrusted mode?

Hope this Information may help u to fix the problem.

Boot the System and interrupt it at boot Time :
1> Main Menu > bo pri

2> Interact with IPL(Y or N)?> y

3> ISL prompt type : hpux -is

This would take you into the Single user mode where u can change the password

4> Mount all the file System
mountall

5> Change the system to untrusted mode
/usr/lbin/tsconvert -r

6> Then edit the file /tcb/files/auth/r/root
make the passwd field null

7> After that reset the password to your desire
passwd root

8> Once you have reset the password you can turn the system to the Trusted mode
/usr/lbin/tsconvert -c


Viktor Balogh
Honored Contributor

Re: How to convert back to Untrusted mode?

Hi Michael,

Do you have sudo on that machine activated? If there is a user with sudo rights you could easily reset the password for root. For this sudo need to be set up that it will ask for the source users own password. If not so, maybe there is a chance to modify /etc/sudoers in a similar way (also with sudo).
****
Unix operates with beer.
Michael R Louw
Occasional Contributor

Re: How to convert back to Untrusted mode?

Thank you all for your contribution!

The machine on which I tested Trusted Mode is part of a virtual partition (forgot to mention this in the problem description).

So I performed the following:

1. vparreset from another host in the same partition.
2. Then followed the suggested recommendations to unlock root password.

Thank you so much again!
Regards,
Michael