HPE Community
Operating System - HP-UX
1834922 Members
2472 Online
110071 Solutions
New Discussion

Re: Converting into the trusted system

 
Sy-Hoang Truong
Occasional Contributor

‎01-18-2001 02:49 AM

‎01-18-2001 02:49 AM

Converting into the trusted system

I have 2HP9000 systems K260/D280 are running on HP-UX 10.20 consist of :
- 1 cluster (MC Service Guard),
- Disk format VXFS and HFS only on /stand
- 50 PCc are running under Windows NT4.0 connect to HP9000 by telnet and Winsock
- 1 External modem connect to /dev/ttyd0p7 (serial port)
- 1 External tape device for DDS/DAT
I have to convert my systems into the trusted mode. So, my questions are :
1) Where can I find out the patches and which one ?
2) What are the troubles may be occurred after converting the trusted mode ?

Thanks


0 Kudos
Reply
4 REPLIES 4
Victor BERRIDGE
Honored Contributor

‎01-18-2001 10:30 AM

‎01-18-2001 10:30 AM

Re: Converting into the trusted system

2) What are the troubles may be occurred after converting the trusted mode ?
>
Because of passwd policies, be aware that you will have users that will be asking you to reactivate accounts, reset passwds etc...
that you may have root account deactivated by people trying to connect...

So for root, the best is to create a /etc/securetty file containing the word console in it, and from then on you will have to use su except on console...

For the rest there is nothing special...

Good luck
Victor
0 Kudos
Reply
Peter Cvar
Occasional Advisor

‎01-19-2001 12:37 AM

‎01-19-2001 12:37 AM

Re: Converting into the trusted system

Trusting a system will truncate the passwords to 8 characters if they are longer. This is due to the use of the system call crypt() which can only handle 8 characters. Always ensure systems have the latest trusted and auditing patches installed BEFORE the system is trusted (you can get them on HP IT resource center pages).

On an untrusted system, only the first eight characters of a password are significant and used for authentication. On a trusted system, passwords can be longer than eight characters and all characters are used for authentication.


Regards, Peter
0 Kudos
Reply
Dan Hetzel
Honored Contributor

‎01-19-2001 12:52 AM

‎01-19-2001 12:52 AM

Re: Converting into the trusted system

Hi,

Apart from the password aging and format policies, users shouldn't notice any difference between trusted and untrusted mode.

You can find all patches on this web site, by clicking on 'maintenance and support' on the left frame.

As Victor suggested you, create the /etc/securetty file with one single line:
console
to restrict root logins to the system console (people will have to 'su' to become root)


Best regards,

Dan

Everybody knows at least one thing worth sharing -- mailto:dan.hetzel@wildcroft.com
0 Kudos
Reply
Hamdy Al-Sebaey
Regular Advisor

‎01-19-2001 07:29 AM

‎01-19-2001 07:29 AM

Re: Converting into the trusted system

Hi
I agree with our collegae.
You 'll need to create a file onder /etc called securetty in which you can set the following;

# echo console >> /etc/securetty

# chmod 600 /etc/securetty

Maybe it will help.
Thanks for sharing knowledge
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.