- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: password history depth in a non-trusted system...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-09-2009 04:48 AM
тАО12-09-2009 04:48 AM
i am running 11.23 server Itanium and RISC both and using the /etc/shadow file. The sytems are not trusted that is are standard systems.
man security says that for password history depth can be implemented to a trusted system only.
PASSWORD_HISTORY_DEPTH=N A new password is checked
against only the N most recently used passwords for a
particular user.
then i need to convert the system to trusted mode.
My questions are:
1) is there any way that i can implement the PAssword History Depth withjout making the system trusted?
2) if i have to make the system trusted how is this going to affect the users on the system and deal with the current /etc/shadow and /etc/passwd files and what are the precautions that i have to keep in fore front doing this.
I have on most of the systems lot of java users and oracle users and java as well as Oracle processes running.
regards
sujit
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-09-2009 05:14 AM
тАО12-09-2009 05:14 AM
Solutionhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=StdModSecExt
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-09-2009 07:49 AM
тАО12-09-2009 07:49 AM
Re: password history depth in a non-trusted system // converting to a trusted system
thanks for the reply.
what are the impacts possibly if we are converting to the trusted mode , like i have a prod box with N number of java and oracle users, what should be approach and waht are the challenges possibly going to come, just can some thoughts be shared?
Regards
sujit
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-09-2009 08:36 AM
тАО12-09-2009 08:36 AM
Re: password history depth in a non-trusted system // converting to a trusted system
Take a look at the the admin guide for trusted systems for details http://www.docs.hp.com/en/B2355-90121/B2355-90121.pdf
Also in HP-UX 11.31 the trusted systems will go away in favor of the new security model. So , don't get into the trusted system now if you can avoid it and have to get out of it again in the future.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-09-2009 10:40 AM
тАО12-09-2009 10:40 AM
Re: password history depth in a non-trusted system // converting to a trusted system
PASSWORD_HISTORY_DEPTH=N A new password is checked..."
They had patches out for 11.0 and up that should enable this without converting to a trusted system.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-12-2009 05:30 AM
тАО12-12-2009 05:30 AM
Re: password history depth in a non-trusted system // converting to a trusted system
Thanks for the Inputs.
I also need to knoe that if i convert the system to a trusted node,
1) can that be done on the fly that is with the applications and databases running?
2) we have got CRS in the server as running.
So what can be the approach if i wish turning the systen into a trusted one.
i know that the system can be untrusted, but what can be the potential problems if i turn the sytem into trusted mode on the fly/ offline.
How are the logged on users goint to be affected if i do that online?
Sorry if the question sounds stupid.
regards
sujit
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-12-2009 07:16 AM
тАО12-12-2009 07:16 AM
Re: password history depth in a non-trusted system // converting to a trusted system
If you don't have a test system your other option is to do it during off-peak hours with a few users on that will help you test the trusted system.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-13-2009 10:21 AM
тАО12-13-2009 10:21 AM
Re: password history depth in a non-trusted system // converting to a trusted system
Followng is example
/usr/lbin/modprpw -m mintm=0,lftm=0,exptm=0,expwarn=0 user1
Ravi.