Operating System - HP-UX
1833788 Members
2248 Online
110063 Solutions
New Discussion

consequences of deleting the token * in passwd

 
SOLVED
Go to solution
Angelizer
New Member

consequences of deleting the token * in passwd

Hello!
I have one application running in a trusted HPUX 10.20, for unknown reasons it only works when I delete de token * into the passwd. So I need to know what??s the consequences deleting that token. Does this leaves a potential breach for security?

Thanxs!
I just dont know
3 REPLIES 3
Pete Randall
Outstanding Contributor
Solution

Re: consequences of deleting the token * in passwd

I assume the * is in the password field of /etc/passwd? That should be a disabled account. If you remove the *, then the account goes back to being enabled, but with a null passwd. Anyone can login to that account with no password at all. Since the password file is visible, any one with access to your system can discover this security breach and log in.


Pete


Pete
Michael Steele_2
Honored Contributor

Re: consequences of deleting the token * in passwd

The /tcb encrypted password file is what you're using, not /etc/passwd.

/usr/sam/lbin/usermod.sam -F -p "" account

This command will null a password field in a trusted system.

Use SAM from this point on for resetting passwords.
Support Fatherhood - Stop Family Law
Pete Randall
Outstanding Contributor

Re: consequences of deleting the token * in passwd

Michael,

Of course, you're right - I somehow skipped right over the word "trusted".


Pete


Pete