HPE Community
Operating System - HP-UX
1834596 Members
3518 Online
110069 Solutions
New Discussion

Re: HP-UX11 TRUSTED SYSTEM

 
Dave Elliott
Frequent Advisor

‎08-16-2002 12:54 AM

‎08-16-2002 12:54 AM

HP-UX11 TRUSTED SYSTEM

I recently converted to a trusted system and have the following problems.

1 the password expires without notificationto users, they just all of a sudden cannot sign in to the box.
i would like the system to prompt them to change there password at the relervant time.

2 and also it is reporting that i ndont have password history configured correctly in /etc/default/security file HELP!

3 one last problem, we use SAS and SAS is set to change unix user passwd every 30 days but since converting it fails poss due to the fact that the script isn't calling the right command to change it.


can any one help with any of these.
Oracle DBA
0 Kudos
Reply
4 REPLIES 4
James Beamish-White
Trusted Contributor

‎08-16-2002 02:10 AM

‎08-16-2002 02:10 AM

Re: HP-UX11 TRUSTED SYSTEM

Hiya.

1 - If you use /usr/lbin/tsconvert to convert your system, it does this. The best way is to convert the system using SAM, so run /usr/lbin/tsconvert -r to revert back, then run SAM and go into Auditing and Security and System Security Policies, it will ask to convert to a trusted system and it should ask your users to change passwords on expire.

2 - The above should solve the problem, but if not, create a file /etc/default/security with the line "PASSWORD_HISTORY_DEPTH=5" in it (assuming a dept of 5 is appropriate for your security policiy).

3 - SAS will probably be using the call getpwent and setpwent to change or read the password file. This needs to be recoded or fixed to use getprpwent and setprpwent for trusted systems.

Cheers!
James
GARDENOFEDEN> create light
0 Kudos
Reply
Dave Elliott
Frequent Advisor

‎08-16-2002 02:18 AM

‎08-16-2002 02:18 AM

Re: HP-UX11 TRUSTED SYSTEM

Thanks for the SAS suggestionh i will get onto it.
as for using sam to convert I DID.
and i have set up all the relevent policies ref auditing.
but it still sends no notification of passwd expiration.
Oracle DBA
0 Kudos
Reply
Darren Prior
Honored Contributor

‎08-16-2002 03:43 AM

‎08-16-2002 03:43 AM

Re: HP-UX11 TRUSTED SYSTEM

Hi Andrew,

Regarding your first point, you may want to check out the 'Modify User's Security Policies' window in SAM (highlight a user in User and Groups and it'll be under the Actions menu.)

There's help available within that section that explains the 'Password Expiration Warning Time' which could be what you require.

You may not see the warning though if your users are not logging directly into the HPUX box - ie if they are logging into SAS and then SAS does a login to the HPUX box for them.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
Dave Elliott
Frequent Advisor

‎08-16-2002 04:02 AM

‎08-16-2002 04:02 AM

Re: HP-UX11 TRUSTED SYSTEM

Thanks guys
darren ever helpful as usuall.
any news CIFS darren
Oracle DBA
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.