- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- How to recover Trusted System accounts
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-08-2010 11:11 AM
тАО02-08-2010 11:11 AM
How to recover Trusted System accounts
This may be a SysAdmin101 question, but I've run into this problem at our DR site and have never really figured out a solution that I could rely on.
Situation:
We do regular DR exercises. The DR site has different, but comparably powered systems (we have a PA-RISC Dome here, and we recover on an rp8400). We are running 11.11 in Trusted Mode.
When we go to the DR site, the DR system is set up for me before I get there in UNTRUSTED mode. So one of the things I need to do is recover my accounts.
Problem:
Before I convert the system to Trusted Mode, I recover /etc/passwd, group, /tcb, etc. Then I convert it to Trusted Mode. The problem is that at that point, none of the passwords will work. The accounts are there, but no passwords will work. If I convert BACK to Untrusted Mode, all is find and the passwords work.
Since we are running in Trusted Mode here (and I need to there for security reasons), how do I recover the TCB DB so the passwords will work as they should?
We have our next exercise in a couple of weeks so I'd like to figure this out before we go.
Also, I know that in untrusted mode it only uses the first 8 characters. But since I'm restoring the TCB DB and converting it to Trusted Mode, it SHOULD use the full length passwords, not just the first 8 characters.
What am I missing?
TIA to any that has a suggestion!
-G
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-08-2010 11:15 AM
тАО02-08-2010 11:15 AM
Re: How to recover Trusted System accounts
That should work better.
All passwords will be intact and all password aging and lockout information will be as of the last backup.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-08-2010 11:16 AM
тАО02-08-2010 11:16 AM
Re: How to recover Trusted System accounts
Why not periodically make an Ignite recovery tape and use that to clone your home image to your recovery site hardware. As long as similar hardware is used, this should provide you a complete look-alike restoration.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-08-2010 11:28 AM
тАО02-08-2010 11:28 AM
Re: How to recover Trusted System accounts
JRF- I've thought of that and the problem there is that it's not similar hardware. We are running a Dome here and at the DR site we have an rp8400. Last I checked, you can't use an ignite tape across systems like that. We also have more memory here than at the DR site, not that it matters that much for recovery. But the point is, it is different H/W.
-G
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2010 01:18 PM
тАО02-09-2010 01:18 PM
Re: How to recover Trusted System accounts
We do this for two DR systems.
- extract the list of all relevant users on the Live server
- compare with those on the DR server
- reconcile differences (delete users that have disappeared and add any new users) since the last run.
- fix up any password changes by running /usr/sam/lbin/usermod.sam on the DR server using encrypted passwords from the Live server.
We avoid doing any editing of the user data and strictly use the proper interfaces (useradd, userdel, usermod commands) for all account managemnt.
Our scripts are a bit complicated by the fact that one of the Live systems is not Trusted but its DR is! However, the outline process is much the same. In one scenario we establish/maintain a ssh tunnel to get the necessary network plumbed in.