- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: password reqd for single user mode for 11.31
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-20-2011 10:04 AM
тАО01-20-2011 10:04 AM
password reqd for single user mode for 11.31
Thx.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-20-2011 10:18 AM
тАО01-20-2011 10:18 AM
Re: password reqd for single user mode for 11.31
At least I hope I read your question correctly.
Now if you want to reset the root passwd, being logged in as root, while the box is up and running you just type "passwd".
If I have totally had a senior blonde moment and missed what you are trying to say..my apologies.
Regards,
Rita
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-20-2011 11:56 AM
тАО01-20-2011 11:56 AM
Re: password reqd for single user mode for 11.31
System power is applied. Machine starts to boot. Can I set up a password requirement so that when I interrupt the ISL to boot into single user mode instead of multi-user, it will only boot to single user mode if the password is entered?
If yes, can that information be checked/accessed while the system is in multi-user mode via some facility like a GSP?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-20-2011 01:32 PM
тАО01-20-2011 01:32 PM
Re: password reqd for single user mode for 11.31
Access to the Console to cause a reboot would be protected by the security of the Management Processor.
man security(4)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-20-2011 01:43 PM
тАО01-20-2011 01:43 PM
Re: password reqd for single user mode for 11.31
Unlike their precedessor GSP, MP and iLO requires a password before you can even see a single line of PDC or EFI boot output, even on the local serial console.
If an unauthorized person gets past that to see the iLO/MP command prompt with administrator privileges, you've lost the game. With iLO/MP admin access, the intruder can:
- crash the system instantly with the RS command
- boot the system from a handy extra SCSI/FW disk, if the hardware connectors are accessible
- boot the system from a virtual media located on some other network-reachable host
- if you're on an Itanium and the EFI bootloader is password-protected, iLO/MP access can be used to reset the EFI/BMC password.
However: if the iLO/MP is password-protected but the local console connection and the iLO/MP reset button are accessible, the the intruder can perform an iLO/MP password reset.
(Hmm, unplugging all the server's power cables will obviously also reset the iLO/MP... but does that also allow the password reset procedure, or is the iLO reset the only way to that? May be hardware-model-dependent.)
Considering all that, the OS single-user-mode password simply does not look all that important any more.
The primary requirements for HP-UX 11.31 reboot security would seem to be:
1.) Don't allow unauthorized personnel physical access to the server hardware.
(This is a no-brainer.)
2.) The iLO/MP default username/password combinations are well-known Admin/Admin and Oper/Oper; change them.
(Another one that should be obvious.)
3.) If the serial console connection is cabled outside the server enclosure, protect it too: it's the master key to the iLO/MP password reset procedure, which gives up the keys to the kingdom.
(It's possible to reserve the serial console connection to initial system setup and hardware service actions only; all the rest can be done using the iLO/MP network console interface.)
4.) Although the iLO/MP network console interface can use encrypted protocols, connecting it to a secure network segment that is accessible by authorized sysadmins only would still be a good idea.
If you have a rx2600, it was possible to buy it without the iLO/MP option. If you have such a server, your boot security is mainly determined by the EFI/BMC password. In that case, the password recovery procedure is listed as "Contact HP"...
If I were deploying an iLOless rx2600 in an environment that would require protecting the system with an EFI/BMC password (as opposed to a securely locked server room or rack), I'd find out in advance if the reset procedure requires hardware manipulation, or if it's something that can be performed using just the serial console.
MK