1833958 Members
1845 Online
110063 Solutions
New Discussion

HP Trusted system

 
Tom Stewart_2
Advisor

HP Trusted system

Hi,
We are currently considering converting to a HP Trusted system, but one of the problems is that there is a web application with a login script which uses /usr/bin/chkpswd to check the login/passwd against the /etc/password file.
Is there any similar function in a Trusted system that can be used to authenticate users as it does not use /etc/passwd.

Thanks in advance
5 REPLIES 5
IT_2007
Honored Contributor

Re: HP Trusted system

once you convert to trusted system then it checks /tcb/files/auth/ directory. It has more control and you can check using /usr/lbin/getprpw and to modify /usr/lbin/modprpw commands.
Pete Randall
Outstanding Contributor

Re: HP Trusted system

Tom,

On my 11.11 systems, there is no such thing as chkpswd. Is this, perhaps, a home grown application? If so, you could probably re-write to use getprpwent or getpwent.


Pete

Pete
Tom Stewart_2
Advisor

Re: HP Trusted system

Hi,
The chlpswd script encodes the passwd to its hex value an compares the username and password against the passwd file. I inherited the systems from a previous administrator so obviously he developed chkpswd himself.I'll take a look at "getprpwent".

Thanks for the replies.
Tom
Yang Qin_1
Honored Contributor

Re: HP Trusted system

Hi, Tom,

If you meant that after convert to trusted system, /etc/passwd does not contain the encrypted passwords so the chkpswd will not work. Then you can have a look at /etc/shadow the first two columns are exactly the same as the the first two columns in /etc/passwd before convert to trusted system.

If that chkpswd script only check the login info against the first two columns in /etc/passwd you may modify the script to check /etc/shadow. However, the problem is that /etc/shadow can only be accessed by "root". Depends on which account will be used to trigger chkpswd, it may not work.

Regards,
Yang
Tom Stewart_2
Advisor

Re: HP Trusted system

Hi,
Thanks Yang that sounds like the best solution.
Thanks all for replies.