Operating System - HP-UX
1828249 Members
2644 Online
109975 Solutions
New Discussion

Installing Shadow Passwords require reboot??

 
SOLVED
Go to solution
David Land
Frequent Advisor

Installing Shadow Passwords require reboot??

I have installed the shadow password patch and am using it on one of our servers. I have read in some instructions somewhere that you have to reboot the server after installation.

Is that true?

I ended up rebooting my server but before I did I checked the /etc/shadow and /etc/passwd files and saw the changes. I was just wondering if I needed to because I have a couple of more servers that need it installed.
3 REPLIES 3
Steven E. Protter
Exalted Contributor
Solution

Re: Installing Shadow Passwords require reboot??

You have to look at the notes for the software depot to be sure.

rule of thumb.

If it will install from swinstall command line without the -x autoreboot=true switch you can do the install without booting.

In this case, though I'd recommend doing the install and booting immediately. The core security of your system is at stake and the install should be scheduled into a window which allows boots.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Armin Kunaschik
Esteemed Contributor

Re: Installing Shadow Passwords require reboot??

It depends on the patch level of your server.
If it's quite current you may not need to reboot.
But in my expirience it's very probable
that you need to reboot.
Check the output of the analysis phase (see last post)!

Be sure to run pwconv after the patch installation to
activate the shadow passwords.

My 2 cents,
Armin
And now for something completely different...
doug hosking
Esteemed Contributor

Re: Installing Shadow Passwords require reboot??

The HP-UX kernel does not know/care about password files in any special sense. However quite a few applications do.

One thing that's important to understand here is that, typically in the interests of performance, some applications cache certain file or state information and/or may have file descriptors open to the password files and similar configuration files. When making a significant change to the system configuration, such as when installing this bundle, it might be possible to confuse active processes if you don't reboot, because currently running processes could be using old information.

In the case of password file access, there is no real way to know which applications might have cached this information, or how they would respond if that information changed formats while they were running.

Even if all of HP's code behaves perfectly, quite a bit of third party code does various forms of authentication, and therefore may also be accessing password files.

Programs such as fuser can give hints about which programs may have these files open, but I'm not aware of any truly reliable way of telling, since I know of no good tools for looking for data cached in program buffers.

If it were my system, I'd strongly prefer to reboot. If I didn't have that option, I'd at the very least stop and restart any applications that might be accessing the password files.