HPE Community
Operating System - HP-UX
1825161 Members
2324 Online
109679 Solutions
New Discussion юеВ

Converting from untrusted to trusted system

 
Joe Robinson_2
Super Advisor

тАО07-11-2005 09:30 AM

тАО07-11-2005 09:30 AM

Converting from untrusted to trusted system

HP-UX 11.00.

when converting from untrusted to trusted, will all users be prompted for passwords immediately? Or is it determined by when the user's last password change was committed?
0 Kudos
Reply
8 REPLIES 8
saju_2
Respected Contributor

тАО07-11-2005 09:55 AM

тАО07-11-2005 09:55 AM

Re: Converting from untrusted to trusted system

Hi

I remember the server asked me to change password once i logged into the trusted mode server for the first time.

Regards
CS
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО07-11-2005 10:01 AM

тАО07-11-2005 10:01 AM

Re: Converting from untrusted to trusted system

If you use SAM, the passwords will remain enabled. If you use the backend command /usr/lbin/tsconvert, then all passwords will be immediately expired. You will have to run /usr/lbin/modprpw -V to 'refresh' all of the passwords.


Bill Hassell, sysadmin
0 Kudos
Reply
Joe Robinson_2
Super Advisor

тАО07-12-2005 01:19 AM

тАО07-12-2005 01:19 AM

Re: Converting from untrusted to trusted system

Thanks for the info, guys!

Bill, when you say 'refresh', I'm assuming that all passwords will then be reset? I tried doing a man on modprpw but didn't have that man page.

0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО07-12-2005 01:27 AM

тАО07-12-2005 01:27 AM

Re: Converting from untrusted to trusted system

Refresh means that the expiration date (not the password itself) is extended. When you use tsconvert (not recommended), the task expires everyone's password so it must be changed. Sinec this is fairly painful for support, you can followup with modprpw -V to extend the expiration on all users. At 11.00 and earlier, there is no man page for modprpw and getprpw. These are located in the /usr/lbin directory which is for support (the backend) of other products like SAM.

If you use SAM to convert, you get everything done in one step. BTW: You can find the man pages for modprpw and getprpw at docs.hp.com or on any 11.11 or higher system.


Bill Hassell, sysadmin
0 Kudos
Reply
Joe Robinson_2
Super Advisor

тАО07-12-2005 01:40 AM

тАО07-12-2005 01:40 AM

Re: Converting from untrusted to trusted system

Very good. Am I correct that all password restrictions (as set in SAM and in /etc/default/security) will be applied at the next time the user's password is changed? (Also, if I set the PASSWORD_MAXDAYS = 120, will all user's passwords expire in 120 days as well?)

0 Kudos
Reply
Joe Robinson_2
Super Advisor

тАО07-12-2005 01:54 AM

тАО07-12-2005 01:54 AM

Re: Converting from untrusted to trusted system

Bill, I went out and read up on the modprpw command. thanks for the assist!
0 Kudos
Reply
Joe Robinson_2
Super Advisor

тАО07-12-2005 02:37 AM

тАО07-12-2005 02:37 AM

Re: Converting from untrusted to trusted system

Hmmmmmm.

When I convert my system to trusted, I am going to put a new passwd policy in place. After converting the system, placing /etc/default/security in place, and running modprpw -v, will there be a problem with user's whose current passwords don't meet the security policy (2 upper, 2 lower, 2 numeral, 2 special character)?

0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО07-12-2005 03:09 AM

тАО07-12-2005 03:09 AM

Re: Converting from untrusted to trusted system

The password rules only apply when picking a new one. Existing passwords are unaffected. The password expiration is also set when the password is changed, so setting the expiration to 10 days won't make all the old passwords expire early.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.