Operating System - HP-UX

Re: can I have shadow passwd without tcb

 
nancy rippey
Trusted Contributor

can I have shadow passwd without tcb

Is it possible to implement password shadowing without going full blown tcb?

Nancy
nrip
harry d brown jr
Honored Contributor

Re: can I have shadow passwd without tcb

I don't think so, well I've not seen it!

Besides, I would not want to rely on the "hiding" of the passwd file as my method of password security. If you really want to do it one better, think of ldap.


live free or die
harry
Live Free or Die
harry d brown jr
Honored Contributor
Patrick Wallek
Honored Contributor

Re: can I have shadow passwd without tcb

There is no equivalent to Sun's /etc/shadow on HP. The closest you can get is converting to a trusted system which creates the /tcb structure.

Any reason you don't want to convert to trusted system?
nancy rippey
Trusted Contributor

Re: can I have shadow passwd without tcb

Harry,
Thanks for the LDAP links. We are looking at implementing LDAP with our security folks. With 280 HP servers it is slow going.

Patrick,
We are in the process of converting all servers to trusted now but I am a little concerned about losing access with root. I have read various problems in the forums with trusted and being unable to log in as root when various system problems occur.

I spoke with our HP rep. yesterday and he thought that it was possible to implement just the shadow password portion. He is putting me in contact with an HP sec. person.

Thanks!
nancy
nrip
harry d brown jr
Honored Contributor

Re: can I have shadow passwd without tcb

Know the pain, as we have over 500 HP 9000's, and it's a SLOW painful process, but with the temporary ills.


live free or die
harry
Live Free or Die
Helen French
Honored Contributor

Re: can I have shadow passwd without tcb

Nancy,
I would recommend switching to trusted. There are many benefits and other features such as password aging, login settings, and not to mention the security benefits.
I too understand the work behind this but if you are smart about it there should not be any real problems converting and it will be better in the long run. You do have to watch out for current password settings on users, they will lose their current setup. If you're worried keep root logged in somewhere while you verify the account.
Life is a promise, fulfill it!
Sridhar Bhaskarla
Honored Contributor

Re: can I have shadow passwd without tcb

Hi,

No hassles in converting your systems to trusted.

You can disable most of the features of trusted systems for either root's account or systemwide if you are concerned about losing access to root. Or you can customize the "system security policies" very easily using SAM. Look at "Modify Security Policies" under the Actions menu for each user in "Users and Groups" OR "System Security Policies" under "Auditing Security" section of SAM.

Trusted is the way to go if you want to implement shadow passwords.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
doug hosking
Esteemed Contributor

Re: can I have shadow passwd without tcb

Geoff Wild
Honored Contributor

Re: can I have shadow passwd without tcb

Woohoo:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xe14163f96280d711abdc0090277a778c,00.html
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Uday_S_Ankolekar
Honored Contributor

Re: can I have shadow passwd without tcb

Trusting the server is the best way to have shadow file.
My suggestion to you is to have a backup copy of the /etc/passwd file before converting to trusted. In case you face a problem, unconvert the server, and you will have a backup passwd file anyway.

tsconvert -r will revert the server back to untrusted.


-USA..
Good Luck..
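
The backup step suggested in the post above, plus a check that the world-readable passwd file no longer carries hashes after conversion, as an added example that is not part of the thread. The function names are hypothetical, and the check assumes that a converted system shows `*` in the password field of /etc/passwd.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# backup_passwd SRC DEST
# Copy a passwd file to an owner-only backup (the copy still contains
# hashes, so it must not be world-readable) and confirm it is identical.
backup_passwd() {
    src=$1
    dest=$2
    ( umask 077; cp "$src" "$dest" ) || return 1
    chmod 600 "$dest" || return 1      # in case DEST already existed
    cmp -s "$src" "$dest"
}

# exposed_accounts FILE
# List accounts whose password field in a passwd-format file is empty
# or still holds a hash. Fields that are "x" or start with "*" or "!"
# are treated as "no hash stored here" (assumption stated in the lead-in).
exposed_accounts() {
    awk -F: '
        /^[#+-]/ || NF < 7 { next }          # comments, NIS markers, junk
        $2 == ""           { print $1 ": EMPTY"; next }
        $2 != "x" && $2 !~ /^[*!]/ { print $1 ": HASH" }
    ' "$1"
}

# Typical use on the server, as root, before and after conversion:
#   backup_passwd /etc/passwd /root/passwd.pre-trusted
#   exposed_accounts /etc/passwd     # expect no output once converted
```

Run `exposed_accounts` before conversion to see which accounts are exposed, and again afterwards to confirm the list is empty.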