HPE Community
Operating System - HP-UX
1855941 Members
6700 Online
104107 Solutions
New Discussion

convert to trusted

 
joe_91
Super Advisor

‎11-01-2006 05:32 AM

‎11-01-2006 05:32 AM

convert to trusted

we are trying to convert out standard hp-ux to trusted systems. Please guide with the insturctions for converting to trusted. I have to present a plan for this.

is this OK?

1. use sam to converto to trusted system

2. make good backup of /etc/passwd before converting

is there any fileset that needs to be installed?

Please Help

Thanks

Joe
0 Kudos
Reply
9 REPLIES 9
Sanjay Yugal Kishore Ha
Frequent Advisor

‎11-01-2006 05:41 AM

‎11-01-2006 05:41 AM

Re: convert to trusted

This thread contains the pointer.
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1072857
Dying is the last thing that I will do.
0 Kudos
Reply
Paul Sperry
Honored Contributor

‎11-01-2006 05:48 AM

‎11-01-2006 05:48 AM

Re: convert to trusted

Looks like your good to go Joe.
Your plan seems fine to me
0 Kudos
Reply
Jaime Bolanos Rojas.
Honored Contributor

‎11-01-2006 06:31 AM

‎11-01-2006 06:31 AM

Re: convert to trusted

Joe,

If you are looking for some more detail this doc is the way to go:

http://docs.hp.com/en/B2355-90950/ch08s08.html

Regards,

Jaime.
Work hard when the need comes out.
0 Kudos
Reply
DCE
Honored Contributor

‎11-01-2006 06:58 AM

‎11-01-2006 06:58 AM

Re: convert to trusted


I suggest having a second seesion logged into the server as root when you perform the conversion. This will allow you to address any glitches that may occur (such as a disable root account)
0 Kudos
Reply
Sp4admin
Trusted Contributor

‎11-01-2006 10:18 AM

‎11-01-2006 10:18 AM

Re: convert to trusted

Hi Joe,

That looks good to me. using SAM it is a very ease process.

sp,
0 Kudos
Reply
John Kittel
Trusted Contributor

‎11-01-2006 11:18 AM

‎11-01-2006 11:18 AM

Re: convert to trusted

One thing that happens is if before conversion to trusted the root password is greater than 8 characters, then after conversion to trusted, when logging in as root the system will only accept the password if you only enter the first 8 characters. If you try to log in using the full greater than 8 character password you will be denied. After conversion to trusted, and logging in using 8 characters, you can then set to a new password greater than 8 characters and it will work properly with the new password thereafter.
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎11-01-2006 02:02 PM

‎11-01-2006 02:02 PM

Re: convert to trusted

You can run the tsconvert command directly but SAM runs it and does a bit more for you. By far the most important rule whether tsconvert is executed directly or by SAM is to be logged in as root in at least two sessions after first making a backup copy of the passwd file. That way you can get yourself out of trouble almost as fast as you got yourself in.
If it ain't broke, I can fix that.
0 Kudos
Reply
Pratyush Paul_1
Valued Contributor

‎11-01-2006 03:07 PM

‎11-01-2006 03:07 PM

Re: convert to trusted

Hi - Please try to use tsconvert, why you have to use sam, and with tsconvert you can make it trusted and you can untrust it too. Test it either way before you hand it over to your client.

Thanks

Pratyush
Die Hard
0 Kudos
Reply
RAC_1
Honored Contributor

‎11-01-2006 03:16 PM

‎11-01-2006 03:16 PM

Re: convert to trusted

SAM does it in following way-/etc/tsconvert and followed by modprpw -V

If you do throug command line (/etc/tsconvert -c) make sure you also run /usr/lbin/modprpw -V immediately. This takes care of expired accounts. (all accounts expire when you convert to/from trusted mode)
There is no substitute to HARDWORK
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.