cancel
Showing results for 
Search instead for 
Did you mean: 

Shadow Passwd

SOLVED
Go to solution
PVM_2
Occasional Contributor

Shadow Passwd

Hi,

Converting /etc/passwd to /etc/shadow using pwconv will affect applications.I have oracle users in my system.System is HP-UX 11.23.

Regards,
PVM.
4 REPLIES
YMP
Occasional Visitor

Re: Shadow Passwd

Hello PVM,

When you convert /etc/passwd file to /etc/shadow, all the user's password gets lock.You need to reset the password with password complexity.So if your application user created on OS level then you need to reset/unlock the user.

Thanks

Matti_Kurkela
Honored Contributor
Solution

Re: Shadow Passwd

[Will it affect applications?]

The answer will be very similar to the situation with the Trusted System mode in your earlier thread:

http://h30499.www3.hp.com/t5/System-Administration/Changing-Untrusted-system-to-Trusted-System/m-p/4775901#M390435

 

If your application does not use HP-UX system passwords or any other authentication information, it will not be affected at all.

If the application uses PAM libraries to perform authentication, it will most likely not be affected at all.

But if the application expects to read password hashes from /etc/passwd (either by reading the file directly, or by using getpwent()/getpwuid()/getpwnam() system calls) and cannot support the /etc/shadow-specific fgetspent()/getspnam() system calls, the authentication functions of the application will fail.

On one hand, the getsp...() system calls are standard in many other Unix-style OSs, so many multi-platform applications should be easy to convert to use them on HP-UX too.

On the other hand, the shadow password system is much newer on HP-UX specifically than the old Trusted System mode, so if the application is old and it has not been updated for 11.23/11.31, it is somewhat more likely to have problems with shadow passwords than with the Trusted System mode.

MK

MK
Viktor Balogh
Honored Contributor

Re: Shadow Passwd

>When you convert /etc/passwd file to /etc/shadow, all the user's password gets lock.
>You need to reset the password with password complexity

this is not true. with pwconv, all the password hashes in /etc/passwd will be replaced with an "x", and the existing hashed will be transferred to /etc/shadow. so this means that after a pwconv every user can log in with his/her old password. this is also true to backconverting with pwunconv, the passwords will be retained.
****
Unix operates with beer.
aht
Occasional Visitor

Re: pwconv

we have ia64 hp server rx8640 setup as nPar running 11.23 and we ran pwconv to convert the system to use the shadow passwords. System was not a trusted system. System has locked out all the users login including root. No user can login incl root. Now have to reset the super user password using Single user mode and reboot !!