HPE Community
Operating System - HP-UX
1820572 Members
2065 Online
109626 Solutions
New Discussion юеВ

Re: CA -eTrust (Urgent)

 
Hasan_9
Regular Advisor

тАО03-30-2006 07:45 PM

тАО03-30-2006 07:45 PM

CA -eTrust (Urgent)

Hello,
Hello,
I have a problem with Oracle iAS on HP-UX 11.23. following you will find the oracle's solution for the problem. I do not know what the "CA - eTrust" is and how I should configure it. Whould you please direct me?

Hasan

On the HP system they have a security tool called "CA -eTrust" that manages
security, passwords, etc... This was preventing the oidldapd process from
running because the executable had the suid bit set. The unix sys admin fixed
this within CA-eTrust and that allowed oidca to complete successfully and
the oidldapd process to start up.
0 Kudos
Reply
8 REPLIES 8
Peter Godron
Honored Contributor

тАО03-30-2006 08:00 PM

тАО03-30-2006 08:00 PM

Re: CA -eTrust (Urgent)

Hasan,
http://www3.ca.com/solutions/Solution.aspx?ID=271 is the most likely candidate.

The second paragrah should only apply if you have this product running. It stopped the startup because of security policy regarding suid access.
Is you actual problem that the ias does not start up?
0 Kudos
Reply
Peter Godron
Honored Contributor

тАО03-30-2006 08:04 PM

тАО03-30-2006 08:04 PM

Re: CA -eTrust (Urgent)

Hasna,
also found some comments on eTrust:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=565969
0 Kudos
Reply
Hasan_9
Regular Advisor

тАО03-30-2006 08:28 PM

тАО03-30-2006 08:28 PM

Re: CA -eTrust (Urgent)

Thank you Peter,

I am looking for a way to allow suid on my server. There are some files, owned by oracle and should execute by root.So suid bit of the filles set.it seems this "CA -eTrust" prevent the execution of the file with suid bit.i want to allow the system to execute these files.

Hasan
0 Kudos
Reply
Peter Godron
Honored Contributor

тАО03-30-2006 11:49 PM

тАО03-30-2006 11:49 PM

Re: CA -eTrust (Urgent)

Hasan,
can you please check that you have eTrust actually running on your machine.
swlist should show you all the software installed.
What error messages are you getting?
0 Kudos
Reply
Hasan_9
Regular Advisor

тАО03-31-2006 01:23 AM

тАО03-31-2006 01:23 AM

Re: CA -eTrust (Urgent)

Thank you Peter,

Does eTrust install with operating system by default? I did not add any packages on my server with this name.
"swlist -l product | grep eTrust" & "swlist | grep eTrust" do not show anything.it means this package is not installed.Did I write the package's name correct (eTrust)?
How should I make sure it does not run on my server?

Hasan
0 Kudos
Reply
paolo barila
Valued Contributor

тАО04-02-2006 08:58 PM

тАО04-02-2006 08:58 PM

Re: CA -eTrust (Urgent)

Hi,

# check if running
root# issec

eTrust version 5.10 installed in /usr/seos
VeRsIoN: 5.10b (4.50) Compiled On:Mar 03 2003 11:32:36 _HPUX1100._HP9000S700 30004
eTrust kernel extension is loaded.
...

# shutdown
root# secons -s

# start
root# seload

must be etrust admin user (root or whatever)

Pablo
share share share
0 Kudos
Reply
Bill Lampiris
New Member

тАО11-22-2006 02:16 PM

тАО11-22-2006 02:16 PM

Re: CA -eTrust (Urgent)

Hasan,

Did you ever find a solution to your problem with OralceiAS? I am running into the exact same problem and haven't been able to figure it out.

Thanks,
-Bill
0 Kudos
Reply
Hasan_9
Regular Advisor

тАО11-22-2006 08:59 PM

тАО11-22-2006 08:59 PM

Re: CA -eTrust (Urgent)

Yes. My problem was not related to CA-eTrust. my server's hostname was in capital letter, I cahnged it to lower case and problem solved.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.