System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

To configure shadow password.

 
jeevarajkn
Frequent Advisor

To configure shadow password.

Hello,

I`m using HPUX 11.23 I would like to change password store from passwd to shadow.

can anyone help explain me the impact/feasibility/advantage/risk of this change. I have the knowledge in configuration part but want to know more details about the impact and advantage of this.

My all HP-UNIX server are running with 11.23 OS version and oracle 10g DB and some of the third party s/w also.

Thanks in advance.
5 REPLIES
TTr
Honored Contributor

Re: To configure shadow password.

The only impact I can think off right away is if you have NIS and if you are using home written scripts that edit the password file directly (to create, delete, disable users etc). And anything else home grown that looks for information on the password file regarding the real username shell etc.
Deeos
Regular Advisor

Re: To configure shadow password.

hi,

Actually shadow is used to make any modification of user management.so I don't think, it would be goes major impact of your machine
Deepak
Steven E. Protter
Exalted Contributor

Re: To configure shadow password.

Shalom,

I see no downside to doing this.

You will find it improves compatability with Linux systems as well.

You should test this out in a sandbox type of server before trying it in production.

I recently did this to a pair of D class 11.11 systems in my home. No negative impact, but these were not production servers.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
James R. Ferguson
Acclaimed Contributor

Re: To configure shadow password.

Hi:

I see only advantages in improved security and in additional security features by moving to a 'shadow' password implementation. There is a decent overview of features in the 11.11 add-on product sheet here:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword

As it notes, any standard libc or Perl interface works just fine with it. If you have scripts (shell too) that directly read '/etc/passwd' the only difference they will note is that the password field (field #2, one-relative) will be replaced with a lowercase letter "x".

Moving forward from 11.23 you will find that the 'shadow' implementation is the basis for even more security enhancements:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PHI11i3

Regards!

...JRF...
Regards!

...JRF...
dirk dierickx
Honored Contributor

Re: To configure shadow password.

depends, we had some old boxes around running an ancient version of 'sudo' for example. when finally converted to use shadow files, sudo no longer worked.

just saying, if your box is up-to-date, you should not expect any problems. is there software on, using the system passwords and older then 2 years. might be worth checking for updates first.