- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- How to convert back to Untrusted mode?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-08-2010 06:04 AM
тАО03-08-2010 06:04 AM
How to convert back to Untrusted mode?
I am faced with a big problem. As part of testing security weakness, I converted our testing environment to trusted mode. After converting, all applications work perfectly apart from logging or su to root account. I found that its caused by the max password length set to 8 characters but root password and other accounts with password length more then 8 char cannot log on. So in short my system is in trusted mode and the root account is locked/disable. How do I convert back? Any procedures would be appreciated.
HPUX:11.11
Thank you in advance.
Michael
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-08-2010 06:16 AM
тАО03-08-2010 06:16 AM
Re: How to convert back to Untrusted mode?
# /usr/lbin/modprpw -k root
this is done in SAM:
->Auditing and Security
->Audited Users
Actions -> Unconvert the System
This will move the passwords back to /etc/passwd and removes the /tcb directory structure.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-08-2010 06:19 AM
тАО03-08-2010 06:19 AM
Re: How to convert back to Untrusted mode?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-08-2010 07:06 AM
тАО03-08-2010 07:06 AM
Re: How to convert back to Untrusted mode?
i too faced the same problem earlier and used same solution as mentioned by Patric.
After login in the server, you can use Johnsn suggestion if you are going to convert through SAM or use below
comand to convert system in untrusted mode.
#/usr/lbin/tsconvert -r
thnx...farhan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-08-2010 11:27 AM
тАО03-08-2010 11:27 AM
Re: How to convert back to Untrusted mode?
you can clear out the password by modifiying /tcb/files/auth/r/root
:u_pwd=:\
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-08-2010 10:31 PM
тАО03-08-2010 10:31 PM
Re: How to convert back to Untrusted mode?
@Tim Nelson: Remember the root account is lock and I have no superuser privileges to modify /tcb/files/auth/r/root => "Access Denied"
@MD Farhan A Azam: Root account is locked I dont have superuser priviledges to execute the command /usr/lbin/modprw -k root.
@Partick Waller: I tried the first 8 characters but still no luck
The big problem here is how to I unlock the root account which I need to revert back to untrusted mode.
Thank you in advance.
Michael
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-08-2010 11:18 PM
тАО03-08-2010 11:18 PM
Re: How to convert back to Untrusted mode?
Thank you in advance.<<<<<<<<<<<
1) Stop all your application & database
2) can you perform "Grace full reboot" by using other root privilege account ? reboot server in Single User mode
3) # shutdown -ry 0
Hit any key to interrupt boot process
At Main menu, boot up from BC root disk:
Main Menu > bo pri
Interact with IPL (Y or N)?> y
ISL>hpux -is
# mount -a
# /usr/lbin/modprpw -k root
Follow above steps to convert back to untrusted system which has been posted on earlier post
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-09-2010 12:09 AM
тАО03-09-2010 12:09 AM
Re: How to convert back to Untrusted mode?
Boot the System and interrupt it at boot Time :
1> Main Menu > bo pri
2> Interact with IPL(Y or N)?> y
3> ISL prompt type : hpux -is
This would take you into the Single user mode where u can change the password
4> Mount all the file System
mountall
5> Change the system to untrusted mode
/usr/lbin/tsconvert -r
6> Then edit the file /tcb/files/auth/r/root
make the passwd field null
7> After that reset the password to your desire
passwd root
8> Once you have reset the password you can turn the system to the Trusted mode
/usr/lbin/tsconvert -c
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-09-2010 02:57 AM
тАО03-09-2010 02:57 AM
Re: How to convert back to Untrusted mode?
Do you have sudo on that machine activated? If there is a user with sudo rights you could easily reset the password for root. For this sudo need to be set up that it will ask for the source users own password. If not so, maybe there is a chance to modify /etc/sudoers in a similar way (also with sudo).
Unix operates with beer.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-09-2010 10:38 PM
тАО03-09-2010 10:38 PM
Re: How to convert back to Untrusted mode?
The machine on which I tested Trusted Mode is part of a virtual partition (forgot to mention this in the problem description).
So I performed the following:
1. vparreset from another host in the same partition.
2. Then followed the suggested recommendations to unlock root password.
Thank you so much again!
Regards,
Michael