HPE Community
Operating System - HP-UX
1825793 Members
2297 Online
109687 Solutions
New Discussion

Different between Trusted and non-Trusted environment?

 
SOLVED
Go to solution
sudhapage
Regular Advisor

‎05-14-2007 10:49 PM

‎05-14-2007 10:49 PM

Different between Trusted and non-Trusted environment?

Dear all,

Can you please guide me, what is the difference between trusted and non-trusted environments?

And then where we have to configure it?

Regards,
Sudhakaran.K
0 Kudos
Reply
8 REPLIES 8
Pete Randall
Outstanding Contributor

‎05-14-2007 10:53 PM

‎05-14-2007 10:53 PM

Solution

Re: Different between Trusted and non-Trusted environment?

The main difference is that passwords get hidden away in the /tcb directory structure, rather than being exposed in the /etc/passwd file. A trusted system also gives you some additional security related options - see the man page for "security".

Probably the best way to convert to trusted is to use SAM to do it. SAM takes a couple of extra steps automatically, thus avoiding an un-useable system because all the passwords have been expired.


Pete

Pete
Reply
Wouter Jagers
Honored Contributor

‎05-14-2007 10:55 PM

‎05-14-2007 10:55 PM

Re: Different between Trusted and non-Trusted environment?

On a trusted system, passwords are not kept in /etc/passwd but in the /tcb directory. You can also set more security-related options such as password aging and lockout policies.

The 'auditing and security' section of SAM allows you to convert to or back from a trusted system.

Also check out http://docs.hp.com/en/B2355-90950/ch08s08.html

Cheers,
Wout
an engineer's aim in a discussion is not to persuade, but to clarify.
Reply
sudhapage
Regular Advisor

‎05-14-2007 10:59 PM

‎05-14-2007 10:59 PM

Re: Different between Trusted and non-Trusted environment?

Hi Randall & Jagers,

In trusted & non-trusted environment, How we can lock & unlock the user?

Regards,
Sudhakaran.K
0 Kudos
Reply
Wouter Jagers
Honored Contributor

‎05-14-2007 11:02 PM

‎05-14-2007 11:02 PM

Re: Different between Trusted and non-Trusted environment?

In SAM, you can activate/desacivate users within 'accounts for users and groups'.

The modprpw command can also be used to 'modify protected password' entries.

Cheers,
Wout
an engineer's aim in a discussion is not to persuade, but to clarify.
0 Kudos
Reply
sudhapage
Regular Advisor

‎05-14-2007 11:10 PM

‎05-14-2007 11:10 PM

Re: Different between Trusted and non-Trusted environment?

Hi,

Here servers are in non trusted environment.

Using modprpw we can't unlock the user in non-trusted environment. I don't have SAM access.

Can you guide me, how we can unlock the user in non-trusted environment?

Regards,
Sudhakaran.K
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎05-14-2007 11:18 PM

‎05-14-2007 11:18 PM

Re: Different between Trusted and non-Trusted environment?

Take a look at the passwd file. Has the user's password hash been replaced by an asterisk? If so, run the passwd command as root to reset the user's password.


Pete

Pete
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎05-15-2007 12:29 AM

‎05-15-2007 12:29 AM

Re: Different between Trusted and non-Trusted environment?

Hi:

You should be interested to know that trusted mode is deprecated as of 11.31 and will be the last release to support it.

http://docs.hp.com/en/5991-6469/5991-6469.pdf

The HP-UX Standard Mode Security Extensions now allow the same security features in standard mode previously only offered in trusted mode.

The product is also available for 11.23:

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=StdModSecExt

Regards!

...JRF...

0 Kudos
Reply
Yogeeraj_1
Honored Contributor

‎05-15-2007 12:56 AM

‎05-15-2007 12:56 AM

Re: Different between Trusted and non-Trusted environment?

hi Sudhakaran,

The following thread should answer all your questions:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=884835

also have a look at /tcb/files/auth/system/default for system wide defaults

kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.