HPE Community
Operating System - HP-UX
1832426 Members
3185 Online
110042 Solutions
New Discussion

converting to trusted mode

 
SOLVED
Go to solution
John Carr_2
Honored Contributor

‎12-11-2003 09:09 PM

‎12-11-2003 09:09 PM

converting to trusted mode

I am going to tsconvert several old servers running hp-ux 10.10 and 10.20. I remember being told along time ago that this conversion program truncates long passwords on early releases. Can anyone bring any light to this as i seem unable to find anything on the subject in the forum.

thanks
John.
0 Kudos
Reply
9 REPLIES 9
Vijaya Kumar_3
Respected Contributor

‎12-11-2003 09:38 PM

‎12-11-2003 09:38 PM

Re: converting to trusted mode

Hi John,

I am not sure about your question. I think the password will just expire irrespective of length.

I will recommend following things:

1. Please search HP site for required patched for your systems. I am not sure about specific patches.

2. You are going to end up with trouble as every system may respond differently after converting into Trusted system.

3. Test some development systems

Thanks
Vijay
Known is a drop, unknown is ocean - visit me at http://vijay.theunixplace.com
0 Kudos
Reply
Sunil Sharma_1
Honored Contributor

‎12-11-2003 09:40 PM

‎12-11-2003 09:40 PM

Re: converting to trusted mode

Hi ,

Your first 8 charecter of password will be valid.


Sunil
*** Dream as if you'll live forever. Live as if you'll die today ***
0 Kudos
Reply
Darren Prior
Honored Contributor

‎12-11-2003 09:54 PM

‎12-11-2003 09:54 PM

Solution

Re: converting to trusted mode

Hi John,

A couple of important points related to this:

1) 10.10 and 10.20 are old OS's. Please ensure they are fully patched before attempting to trust them, as this _will_ cause problems otherwise.

2) SAM is the supported way to trust a system.

I believe that the long password issue is related to the use of crypt vs bigcrypt. Using the first 8 characters of the password is a workaround until the password is changed after the system has been trusted.

regards,

Darren.
Calm down. It's only ones and zeros...
Reply
Rajeev Shukla
Honored Contributor

‎12-11-2003 09:56 PM

‎12-11-2003 09:56 PM

Re: converting to trusted mode

Yes you are right, all the passwords will be expired, i.e everyone has to change their password first time they login. And only first 8 characters of the password field will be taken care of. Passwords more than 8 characters will be truncated to first 8 characters.
Reply
John Carr_2
Honored Contributor

‎12-11-2003 10:00 PM

‎12-11-2003 10:00 PM

Re: converting to trusted mode

thanks everyone

you have confirmed what i thought that tsconvert truncates the password. I will ensure the systems are patched to date i have already downloaded all the patches i need for many tasks.

has this problem been fixed in recent releases of hp-ux does anyone know and if so what release was it first fixed in.

thanks
John.
0 Kudos
Reply
T G Manikandan
Honored Contributor

‎12-11-2003 10:05 PM

‎12-11-2003 10:05 PM

Re: converting to trusted mode

For 10.x version you need to check these patches

10.20 PHCO_10615
10.10 PHCO_10620

It would be better to keep the password length to 8 characters.!
0 Kudos
Reply
John Carr_2
Honored Contributor

‎12-11-2003 10:11 PM

‎12-11-2003 10:11 PM

Re: converting to trusted mode

I shall change the root password on each server before i go ahead with the task using SAM.

Is there any way to tell from the existing passwd file encrypted password field the length of the decrypted password ?

thanks
John.

0 Kudos
Reply
doug hosking
Esteemed Contributor

‎12-12-2003 05:34 PM

‎12-12-2003 05:34 PM

Re: converting to trusted mode

No, you can't tell from the existing /etc/passwd file the length of a password (except if there isn't one). Keep in mind that the truncation happened when you INITIALLY set the password, not by the conversion to trusted mode. It just APPEARS that longer passwords are significant.

Try this from a standard mode configuration:
Change a password to 'abc123456789' then try to su to that user using the password 'abc12345' and watch it work. This
shows that independent of trusted mode, the truncation occurred. This 'feature' brought to you by UNIX compatibility requirements.
:-(



0 Kudos
Reply
doug hosking
Esteemed Contributor

‎12-12-2003 05:37 PM

‎12-12-2003 05:37 PM

Re: converting to trusted mode

By the way, if you do this on 10.10/10.20, be sure you are current on libsec patches. The original versions of libsec had some ugly performance problems on some configurations.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.