HPE Community
Operating System - HP-UX
1753511 Members
5375 Online
108795 Solutions
New Discussion юеВ

Re: To configure shadow password.

 
jeevarajkn
Frequent Advisor

тАО10-15-2009 04:15 AM

тАО10-15-2009 04:15 AM

To configure shadow password.

Hello,

I`m using HPUX 11.23 I would like to change password store from passwd to shadow.

can anyone help explain me the impact/feasibility/advantage/risk of this change. I have the knowledge in configuration part but want to know more details about the impact and advantage of this.

My all HP-UNIX server are running with 11.23 OS version and oracle 10g DB and some of the third party s/w also.

Thanks in advance.
0 Kudos
Reply
5 REPLIES 5
TTr
Honored Contributor

тАО10-15-2009 04:27 AM

тАО10-15-2009 04:27 AM

Re: To configure shadow password.

The only impact I can think off right away is if you have NIS and if you are using home written scripts that edit the password file directly (to create, delete, disable users etc). And anything else home grown that looks for information on the password file regarding the real username shell etc.
0 Kudos
Reply
Deeos
Regular Advisor

тАО10-15-2009 01:33 PM

тАО10-15-2009 01:33 PM

Re: To configure shadow password.

hi,

Actually shadow is used to make any modification of user management.so I don't think, it would be goes major impact of your machine
Deepak
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО10-15-2009 01:35 PM

тАО10-15-2009 01:35 PM

Re: To configure shadow password.

Shalom,

I see no downside to doing this.

You will find it improves compatability with Linux systems as well.

You should test this out in a sandbox type of server before trying it in production.

I recently did this to a pair of D class 11.11 systems in my home. No negative impact, but these were not production servers.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО10-15-2009 02:02 PM

тАО10-15-2009 02:02 PM

Re: To configure shadow password.

Hi:

I see only advantages in improved security and in additional security features by moving to a 'shadow' password implementation. There is a decent overview of features in the 11.11 add-on product sheet here:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword

As it notes, any standard libc or Perl interface works just fine with it. If you have scripts (shell too) that directly read '/etc/passwd' the only difference they will note is that the password field (field #2, one-relative) will be replaced with a lowercase letter "x".

Moving forward from 11.23 you will find that the 'shadow' implementation is the basis for even more security enhancements:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PHI11i3

Regards!

...JRF...
Regards!

...JRF...
0 Kudos
Reply
dirk dierickx
Honored Contributor

тАО10-15-2009 10:49 PM

тАО10-15-2009 10:49 PM

Re: To configure shadow password.

depends, we had some old boxes around running an ancient version of 'sudo' for example. when finally converted to use shadow files, sudo no longer worked.

just saying, if your box is up-to-date, you should not expect any problems. is there software on, using the system passwords and older then 2 years. might be worth checking for updates first.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.