HPE Community
Operating System - HP-UX
1752806 Members
5756 Online
108789 Solutions
New Discussion юеВ

Re: converting to trusted machine

 
Trng
Super Advisor

тАО07-15-2009 01:32 AM

тАО07-15-2009 01:32 AM

converting to trusted machine

Dear All,

i have few hpux servers which includes two node clusters (hpux 11.23,mcsg 11.16) .All are standard systems not trusted machines.i am planning to convert to trusted machines...

1--what are the basic requirements to do that
2-What are the challenges
3-once convert ,is there any issu with oracle database/sap application(is this trusted conversion will do any changes in database/application end?
4-how to rollback ?what are the challenges


Hope all Gurus participation on this thread .


rgds
skr
administrator
0 Kudos
Reply
10 REPLIES 10
Kapil Jha
Honored Contributor

тАО07-15-2009 02:01 AM

тАО07-15-2009 02:01 AM

Re: converting to trusted machine

Hello Trng,

1. Basic requirement is ur system should not be running on shadow file system.
If yes change it to normal passwd mode
by pwunconv

2.No challenges except lil passwrd stuff see the below link

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=317809

3.There would not be any kindda issue when u cahnge the passwd mode.

4./usr/lbin/tsconvert -r (* unconvert *)
will unconver.

The only thing as per me should be taken care is we should always have a root session open till the activity finish, else you will have to reboot server in single usermode to have root passwd.

BR,
Kapil+
I am in this small bowl, I wane see the real world......
0 Kudos
Reply
Trng
Super Advisor

тАО07-15-2009 02:48 AM

тАО07-15-2009 02:48 AM

Re: converting to trusted machine


converting a macine from stand to trusted requires reboot ?

database/application needs to be shutdown ?


does passwd to be changed before converting to trusted ?



i have bussiness critical production machines are there ,so this many concerns ..


rgds
skr
administrator
0 Kudos
Reply
Mel Burslan
Honored Contributor

тАО07-15-2009 05:31 AM

тАО07-15-2009 05:31 AM

Re: converting to trusted machine

Before you commit to this activity, please take a look at this page:

Known problems and limitations of trusted computing and possible workarounds:

http://docs.hp.com/en/5992-0553/ar01s03.html?btnNext=next%A0%BB

Also, hp is phasing out trusted computing in favor of security enhancements module in the later versions (I think 11.23 is included) of the hpux. You might want to talk to HP regarding this option.

HTH
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Ganesan R
Honored Contributor

тАО07-15-2009 05:51 AM

тАО07-15-2009 05:51 AM

Re: converting to trusted machine

Hi,

>>converting a macine from stand to trusted requires reboot ?

database/application needs to be shutdown ?


does passwd to be changed before converting to trusted ?
<<

Answer for all your question is NO. Converting the system into trusted is not a challanging task.
Best wishes,

Ganesh.
0 Kudos
Reply
Ganesan R
Honored Contributor

тАО07-15-2009 05:52 AM

тАО07-15-2009 05:52 AM

Re: converting to trusted machine

Hi Again,

I forgot to add one thing. The recommanded way to convert the system is through SAM.
Best wishes,

Ganesh.
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО07-15-2009 06:05 AM

тАО07-15-2009 06:05 AM

Re: converting to trusted machine

Hi:

Why do you want to convert to a Trusted system given that you are running 11.23 and given that 11.31 is scheduled to be the last release to support Trusted configurations?

I would seriously reconsider your objectives and implement the Shadow password mechanism with its attendent enhancements.

Regards!

...JRF...
0 Kudos
Reply
Trng
Super Advisor

тАО07-15-2009 08:39 PM

тАО07-15-2009 08:39 PM

Re: converting to trusted machine

Dear All,

we are not planning to upgrade 11.23 to 11.31 i another 2-3 years.so we want to go ahead with trusted mode conversion.does anyone has trusted mode conversion documentation on 11.23 ?.what are the advantages on converting a system to trusted ?
administrator
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО07-16-2009 04:15 AM

тАО07-16-2009 04:15 AM

Re: converting to trusted machine

Hi (again):

> we want to go ahead with trusted mode conversion.does anyone has trusted mode conversion documentation on 11.23 ?.

See:
http://docs.hp.com/en/B2355-90950/ch08.html

_BUT_ also see:
http://docs.hp.com/en/5991-8678/index.html

...and remember that Trusted security will not be supported after 11.31 (11iv3).

Regards!

...JRF...
0 Kudos
Reply
Suraj K Sankari
Honored Contributor

тАО07-16-2009 04:34 AM

тАО07-16-2009 04:34 AM

Re: converting to trusted machine

Hi,
See the below link

how to convert and advantage of trusted mode.

http://docs.hp.com/en/B2355-90950/ch08s08.html

Suraj
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.