System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Trusted System --? Procedure --?

SOLVED
Go to solution
ln_unix
Frequent Advisor

Trusted System --? Procedure --?

Hello All,

I need help of yours...

I want to know that what is a trusted system?

Also, the step by step procedute to make a system trusted system....

Please tell me the step by step procedure...

Thanks in advance...

Best Regards,
LN
8 REPLIES
James R. Ferguson
Acclaimed Contributor
Solution

Re: Trusted System --? Procedure --?

Hi:

See Appendix-A of:

http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c01944073/c01944073.pdf

Trusted Systems are deprecated at 11.31 (the last release to support them).

Regards!

...JRF...
Tim Nelson
Honored Contributor

Re: Trusted System --? Procedure --?

Emil Velez
Honored Contributor

Re: Trusted System --? Procedure --?

you should not need trusted systems for 11.23 and 11.31 since auditing and extended user management of logins and passwords can be done with SMSE security extensions and SMSE auditing.


Basheer_2
Trusted Contributor

Re: Trusted System --? Procedure --?

Trused system mas more fatures than the normal default security ofHP-UX.

for eg: you can have longer password lengths, many more password/account controls.

tsconvert to convert to trusted system
and
tsunconvert to back to normal system.
Paul Ettema
Advisor

Re: Trusted System --? Procedure --?

Hi LN,

Pay attention for (oracle) listeners.
We had a problem with one of our applications.
File creation by (oracle) listener use umask 066 (in trusted mode)

if you want to change this ?
set umask just before starting command of (oracle) listener.

P.M.E.

Emil Velez
Honored Contributor

Re: Trusted System --? Procedure --?

all of the extended security features of trusted systems except for generating passwords is available with SMSE security at 11.23

Trusted system conversion is not really necessary to provide additional security at 11.23
KathyL1
Valued Contributor

Re: Trusted System --? Procedure --?

[i]All of the extended security features of trusted systems except for generating passwords is available with SMSE security at 11.23

Trusted system conversion is not really necessary to provide additional security at 11.23[/i]
KathyL1
Valued Contributor

Re: Trusted System --? Procedure --?

SMSE may offer many of the features provided by TCB but the shadow password system, even with SMSE installed, lacks some of the very significant security features of TCB - and, even with the latest release of 11.31, this is still the case.

Basically, shadow password does NOT enforce all of the attributes defined in /etc/default/security for the root user (for either the root user password or non-root user passwords changed by the root user).

While the HP-UX Security Management guide states repeatedly that the attributes configured in this file are system-wide the security(4) man page advises that some attributes only apply to non-root users (ie, ALLOW_NULL_PASSWORD, MIN_PASSWORD_LENGTH and PASSWORD_MIN_type_CHARS). All of these attributes are, however, enforced for the root user on a system using TCB.

With TCB being deprecated in 11.31 I first asked HP more than a year ago to provide the OPTION of enforcing all password policies for the root user as we have a legal requirement for these and cannot change to shadow password without them.

Initially HP declined this enhancement request (even though we could not ever legally use 11.4x without it) but I persisted with my request and, last month, I finally received advice that this OPTION will be provided in a future release of 11.31 - at this stage it is expected to be available sometime in 2011.

Kathy

PS: Sorry about my previous post - I meant to select the preview option to see if I could include text in italics but I accidentally clicked on submit instead. :(