HPE Community
Operating System - HP-UX
1833958 Members
1845 Online
110063 Solutions
New Discussion

HP Trusted system

 
Tom Stewart_2
Advisor

‎09-25-2006 03:24 AM

‎09-25-2006 03:24 AM

HP Trusted system

Hi,
We are currently considering converting to a HP Trusted system, but one of the problems is that there is a web application with a login script which uses /usr/bin/chkpswd to check the login/passwd against the /etc/password file.
Is there any similar function in a Trusted system that can be used to authenticate users as it does not use /etc/passwd.

Thanks in advance
0 Kudos
Reply
5 REPLIES 5
IT_2007
Honored Contributor

‎09-25-2006 03:29 AM

‎09-25-2006 03:29 AM

Re: HP Trusted system

once you convert to trusted system then it checks /tcb/files/auth/ directory. It has more control and you can check using /usr/lbin/getprpw and to modify /usr/lbin/modprpw commands.
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎09-25-2006 03:31 AM

‎09-25-2006 03:31 AM

Re: HP Trusted system

Tom,

On my 11.11 systems, there is no such thing as chkpswd. Is this, perhaps, a home grown application? If so, you could probably re-write to use getprpwent or getpwent.


Pete

Pete
0 Kudos
Reply
Tom Stewart_2
Advisor

‎09-25-2006 08:47 PM

‎09-25-2006 08:47 PM

Re: HP Trusted system

Hi,
The chlpswd script encodes the passwd to its hex value an compares the username and password against the passwd file. I inherited the systems from a previous administrator so obviously he developed chkpswd himself.I'll take a look at "getprpwent".

Thanks for the replies.
Tom
0 Kudos
Reply
Yang Qin_1
Honored Contributor

‎09-26-2006 12:23 AM

‎09-26-2006 12:23 AM

Re: HP Trusted system

Hi, Tom,

If you meant that after convert to trusted system, /etc/passwd does not contain the encrypted passwords so the chkpswd will not work. Then you can have a look at /etc/shadow the first two columns are exactly the same as the the first two columns in /etc/passwd before convert to trusted system.

If that chkpswd script only check the login info against the first two columns in /etc/passwd you may modify the script to check /etc/shadow. However, the problem is that /etc/shadow can only be accessed by "root". Depends on which account will be used to trigger chkpswd, it may not work.

Regards,
Yang
0 Kudos
Reply
Tom Stewart_2
Advisor

‎10-09-2006 03:35 AM

‎10-09-2006 03:35 AM

Re: HP Trusted system

Hi,
Thanks Yang that sounds like the best solution.
Thanks all for replies.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.