HPE Community
Operating System - HP-UX
1753931 Members
9575 Online
108810 Solutions
New Discussion юеВ

how to convert as trusted mode.

 
SOLVED
Go to solution
senthil_kumar_1
Super Advisor

тАО05-24-2009 04:03 AM

тАО05-24-2009 04:03 AM

how to convert as trusted mode.

Hi,

I am using hp-ux 11.00 and 11.11.

I think my hp-ux server is not in trusted mode. since there no file like /etc/shadow.

Now i want to convert to trusted mode. so i used following command to convert. but it is showing some error.

Ex:

# pwconv
The system is not yet in trusted mode.
Use pwck to list any problems with the password file.
After fixing all problems use SAM to convert to trusted mode.


so how to use SAM to convert my system to trusted mode.

how to solve this.
0 Kudos
Reply
15 REPLIES 15
Sajjad Sahir
Honored Contributor

тАО05-24-2009 04:23 AM

тАО05-24-2009 04:23 AM

Re: how to convert as trusted mode.

Dear Senthil

The following link will help u

http://docs.hp.com/en/B2355-90950/ch08s08.html

thanks and regards

Sajjad sahir
Reply
Nido
Trusted Contributor

тАО05-24-2009 04:29 AM

тАО05-24-2009 04:29 AM

Solution

Re: how to convert as trusted mode.

Hello Senthil,

To enable auditing, run SAM and use the ├в Auditing and Security├в window.

Before converting system into trusted mode take a backup of /etc/passwd.

Recommended method is to use SAM rather than using tsconvert command.

>>>>I think my hp-ux server is not in trusted mode. since there no file like /etc/shadow.

Another clue would be to see /tcb.

Cheers!!
" Let Villagers Be Happy!! "
Reply
avizen9
Esteemed Contributor

тАО05-24-2009 04:51 AM

тАО05-24-2009 04:51 AM

Re: how to convert as trusted mode.

Hi,
you can use SAM to convert your existing system into trusted,

before that as mentioned in url pls check
swlist -l fileset | grep Security


once system is trusetd you should see /tcb

below is pdf which can explain you how to use in detail about trusted system.

http://docs.hp.com/en/5992-3387/apa.html
Reply
James R. Ferguson
Acclaimed Contributor

тАО05-24-2009 05:12 AM

тАО05-24-2009 05:12 AM

Re: how to convert as trusted mode.

Hi Senthil:

Trusted and shadow implementions are different. HP's Trusted mode is deprecated at 11.31 (11iv3) meaning that that it is the last release that will support this functionality. I would suggest, therefore, that you transition to the shadow implementation. On 11.11 you can do this with:

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword

Regards!

...JRF...
Reply
Suraj K Sankari
Honored Contributor

тАО05-24-2009 08:28 PM

тАО05-24-2009 08:28 PM

Re: how to convert as trusted mode.

Hi,
>>Use pwck to list any problems with the password file

This error means there is some problem in your /etc/passwd file.
run pwck it will give the output where is the error might be some extra field added or may be some extra character add into your /etc/passwd file first fix it then you can run pwconv or using sam also you can convert your system into trusted mode.

Suraj
Reply
Basheer_2
Trusted Contributor

тАО05-25-2009 12:06 AM

тАО05-25-2009 12:06 AM

Re: how to convert as trusted mode.

Check the trusted status
/usr/lbin/getprdef -r

to convert

/etc/tsconvert
or use sam
Reply
Taifur
Respected Contributor

тАО05-25-2009 01:02 AM

тАО05-25-2009 01:02 AM

Re: how to convert as trusted mode.

HI Senthil,

You can check below link as follows,
http://docs.hp.com/en/J4269-90041/ch04s02.html

Rgds//
Taifur
Reply
Ganesan R
Honored Contributor

тАО05-25-2009 01:22 AM

тАО05-25-2009 01:22 AM

Re: how to convert as trusted mode.

Hi Senthilkumar,

Make yourself clear that /etc/shadow, pwconv or pwunconv are not at all related to trusted system.

These are all related to HP's security product "shadow password" which is available here for download.
http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword

You need to download and install the product. Then only you can run pwconv and pwunconv commands. /etc/shadow file will be created once you run /etc/shadow.

Trusted system is another layer of security level product. You can run "tsconvert" to convert the system to trusted. But SAM is the recommanded way to convert the system into trusted.
Best wishes,

Ganesh.
Reply
Ganesan R
Honored Contributor

тАО05-25-2009 01:23 AM

тАО05-25-2009 01:23 AM

Re: how to convert as trusted mode.

Hi Again,

There is typo error.

>>>/etc/shadow file will be created once you run /etc/shadow.<<<

read as, /etc/shadow file will be created once you run pwconv command.

Sincere apologize....
Best wishes,

Ganesh.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.