HPE Community
Operating System - HP-UX
1833788 Members
2248 Online
110063 Solutions
New Discussion

consequences of deleting the token * in passwd

 
SOLVED
Go to solution
Angelizer
New Member

‎08-06-2003 07:46 AM

‎08-06-2003 07:46 AM

consequences of deleting the token * in passwd

Hello!
I have one application running in a trusted HPUX 10.20, for unknown reasons it only works when I delete de token * into the passwd. So I need to know what??s the consequences deleting that token. Does this leaves a potential breach for security?

Thanxs!
I just dont know
0 Kudos
Reply
3 REPLIES 3
Pete Randall
Outstanding Contributor

‎08-06-2003 07:52 AM

‎08-06-2003 07:52 AM

Solution

Re: consequences of deleting the token * in passwd

I assume the * is in the password field of /etc/passwd? That should be a disabled account. If you remove the *, then the account goes back to being enabled, but with a null passwd. Anyone can login to that account with no password at all. Since the password file is visible, any one with access to your system can discover this security breach and log in.


Pete


Pete
Reply
Michael Steele_2
Honored Contributor

‎08-06-2003 07:52 AM

‎08-06-2003 07:52 AM

Re: consequences of deleting the token * in passwd

The /tcb encrypted password file is what you're using, not /etc/passwd.

/usr/sam/lbin/usermod.sam -F -p "" account

This command will null a password field in a trusted system.

Use SAM from this point on for resetting passwords.
Support Fatherhood - Stop Family Law
Reply
Pete Randall
Outstanding Contributor

‎08-06-2003 08:03 AM

‎08-06-2003 08:03 AM

Re: consequences of deleting the token * in passwd

Michael,

Of course, you're right - I somehow skipped right over the word "trusted".


Pete


Pete
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.