HPE Community
Operating System - HP-UX
1827436 Members
5316 Online
109965 Solutions
New Discussion

Converting to Trusted Mode in HP-UX 11.31

 
SOLVED
Go to solution
Neil Smith NGIT
Occasional Contributor

‎11-17-2008 05:02 AM

‎11-17-2008 05:02 AM

Converting to Trusted Mode in HP-UX 11.31

I have a recently built OS and when trying to convert to trusted mode, receive the following message:

hdr2tdbs01:root:/# tsconvert
The system cannot be converted while numeric user/group names are enabled.

Note: Shadow passwords have been disabled.

Thanks in Advance
0 Kudos
Reply
9 REPLIES 9
Dennis Handly
Acclaimed Contributor

‎11-17-2008 06:17 AM

‎11-17-2008 06:17 AM

Re: Converting to Trusted Mode in HP-UX 11.31

>The system cannot be converted while numeric user/group names are enabled.

It means what it says. Do you have any of these? Have you incorrectly used "#" as a comment char?
0 Kudos
Reply
Neil Smith NGIT
Occasional Contributor

‎11-17-2008 06:23 AM

‎11-17-2008 06:23 AM

Re: Converting to Trusted Mode in HP-UX 11.31

These are actually brand new builds. So, no new accounts have even been setup yet. No entries into the /etc/passwd or /etc/group have been added.
The only thing following the initial build, was to run pwunconv to disable shadowing.

Building 11.31 is fairly new for us, but we have performed these repeatedly in 11.23 and 11.11 without ever seeing this type of message before.

??
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎11-17-2008 06:45 AM

‎11-17-2008 06:45 AM

Re: Converting to Trusted Mode in HP-UX 11.31

>The only thing following the initial build, was to run pwunconv(1M) to disable shadowing.

Did you also run pwck(1M)?

>... numeric user/group names are enabled.

If this isn't checking each ID, perhaps you have enabled a feature
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎11-17-2008 06:55 AM

‎11-17-2008 06:55 AM

Re: Converting to Trusted Mode in HP-UX 11.31

Hi Neil:

You should be aware that 11.31 is the last release to support trusted systems functionality.

I would consider using shadow passwords and looking at Role-Based Access Control (RBAC).

Regards!

...JRF...

0 Kudos
Reply
Yashwant
Valued Contributor

‎11-17-2008 06:55 AM

‎11-17-2008 06:55 AM

Re: Converting to Trusted Mode in HP-UX 11.31

refer following link to convert into trusted mode .

http://docs.hp.com/en/B2355-90950/ch08s08.html


http://forums13.itrc.hp.com/service/forums/questionanswer.do?threadId=1278210
0 Kudos
Reply
Neil Smith NGIT
Occasional Contributor

‎11-17-2008 07:15 AM

‎11-17-2008 07:15 AM

Re: Converting to Trusted Mode in HP-UX 11.31

I have ran the pwk and found no errors.

Unfortunately because of the enviroment, we are required to run all servers in Trusted Mode.

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎11-17-2008 03:40 PM

‎11-17-2008 03:40 PM

Solution

Re: Converting to Trusted Mode in HP-UX 11.31

You get that error if sysconf(_SC_EXTENDED_LOGIN_NAME) returns 1.
It will do this if /etc/default/ugconf exists.
Reply
Neil Smith NGIT
Occasional Contributor

‎11-18-2008 11:22 AM

‎11-18-2008 11:22 AM

Re: Converting to Trusted Mode in HP-UX 11.31

I renamed the file /etc/default/ugconf and then ran tsconvert successfully.

Thank you very much!!
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎11-18-2008 04:58 PM

‎11-18-2008 04:58 PM

Re: Converting to Trusted Mode in HP-UX 11.31

>I renamed the file /etc/default/ugconf and then ran tsconvert successfully.

I would think there would be a command or option to do this, rather than that brute force solution. Perhaps the Release Notes would mention that.

http://docs.hp.com/en/5992-4174/ch05s06.html
http://docs.hp.com/en/5992-4174/ch02s07.html
http://docs.hp.com/en/5992-4174/ch10s10.html

Note the scary words:
Additionally, once the Numeric User Group Name feature is installed, it is not recommended to remove this feature. The automatic removal of this feature is not supported due to the impracticality of automatically finding and removing all numeric users/groups in the system. ...

It seems you have to remove a product.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.