
Password Policy - HPUX 11i

 
SOLVED
yaron daniel
Frequent Advisor

Password Policy - HPUX 11i

Hi All

You can read my questions in the attachment.

10x
the truth is out there
Jeff Schussele
Honored Contributor

Re: Password Policy - HPUX 11i

Uhhmmmm....attachment?

Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
yaron daniel
Frequent Advisor

Re: Password Policy - HPUX 11i

sorry.
the truth is out there
RAC_1
Honored Contributor

Re: Password Policy - HPUX 11i

Could not go through all of your attachment.

Without putting the system in trusted mode, you can control a lot of things with the file /etc/default/security.

See man security for details. It explains everything. Most of your requirements can be taken care of with this.

To convert the system to trusted mode, do it through SAM or on the command line (/etc/tsconvert -c).
For documentation, read the man pages of getprpw, getprdef, modprpw and modprdef.

Anil
There is no substitute to HARDWORK
Steven E. Protter
Exalted Contributor

Re: Password Policy - HPUX 11i

I'm uploading a file called /etc/default/security

This allows you to set the password parameters you wish for any system, trusted or not.

Another file to look at is /etc/default/useradd which will let you set standard parameters when users are added.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: Password Policy - HPUX 11i

Upon further reading of your question, the following thoughts come up.

Almost everything you want to do can be done via commands. I'm uploading my hack on an old Pete Randall script that demonstrates certain concepts in this regard.

Even the commented part is educational. Note I don't run it from /etc/passwd, but a copy. That's because I'm very, very anal.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
yaron daniel
Frequent Advisor

Re: Password Policy - HPUX 11i

10x for all the answers. I want to ask: if I am working with the /etc/default/security file, /etc/passwd is still not protected by the shadow password option.
In order to make my system as safe as I can,
what benefits do I get when I work with trust system mode? And is it a very big headache to handle a system in trust system mode, from your experience?
the truth is out there
Muthukumar_5
Honored Contributor

Re: Password Policy - HPUX 11i

You can view the known differences in handling a system as trusted or non-trusted at
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=638058

And more:
We can easily hack the /etc/passwd file's passwd part by removing it, as a null passwd login.

The trusted one is very effective for managing user accounts and passwd in secure mode, and with auditing too.

Select your options as secure, auditable and more effective, or easy with less secure (can be made more using /etc/defaults/security file and some changes on permission too).

But handling trusted systems needs more administration and auditing.

If you don't want to get a headache with user accounts and security problems, then use the trusted one,

else, if you don't want to get a headache because of account locking / account auditing / easy to handle, then use the system as a "non-trusted one".

You can get more information in the passwd man pages.
Easy to suggest when don't know about the problem!
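
As an added example (not part of any post in this thread, and not the script SEP attached): a POSIX sh audit that, working on copies as SEP describes, flags /etc/passwd entries whose password field is empty or holds a hash in the file, and checks /etc/default/security values against a baseline. The parameter names MIN_PASSWORD_LENGTH and PASSWORD_HISTORY_DEPTH come from security(4) rather than from this thread, and the thresholds, file names and account entries are constructed assumptions.

```sh
#!/bin/sh
# Added example. All sample data is constructed; thresholds are assumptions.

# Classify field 2 of each passwd entry in the file given as $1.
audit_passwd() {
    awk -F: '
        /^#/ || NF < 7 { next }
        $2 == "" { print "EMPTY " $1; next }    # null-password login
        $2 == "*" || $2 == "x" { next }         # trusted/shadowed or locked
        { print "HASH " $1 }                    # hash readable in the file
    ' "$1"
}

# Print the last value of NAME ($2) in a NAME=value file ($1), or "unset".
get_param() {
    v=$(sed -n "s/^[[:space:]]*$2=\([^#[:space:]]*\).*/\1/p" "$1" | tail -1)
    echo "${v:-unset}"
}

# Flag parameter $2 in file $1 when it is unset or below minimum $3.
check_min() {
    val=$(get_param "$1" "$2")
    case $val in
        unset)     echo "UNSET $2" ;;
        *[!0-9]*)  echo "INVALID $2=$val" ;;
        *)         [ "$val" -ge "$3" ] || echo "WEAK $2=$val (want >= $3)" ;;
    esac
}

# Build constructed copies in a private directory and audit them.
demo() {
    d=${TMPDIR:-/tmp}/pwaudit.$$
    (umask 077; mkdir "$d") || return 1
    cat > "$d/passwd.copy" <<'EOF'
root:*:0:3::/:/sbin/sh
oper1::101:20:Operator:/home/oper1:/usr/bin/sh
oper2:CONSTRUCTEDHASH:102:20:Operator:/home/oper2:/usr/bin/sh
EOF
    cat > "$d/security.copy" <<'EOF'
# constructed sample
MIN_PASSWORD_LENGTH=6
EOF
    audit_passwd "$d/passwd.copy"
    check_min "$d/security.copy" MIN_PASSWORD_LENGTH 8
    check_min "$d/security.copy" PASSWORD_HISTORY_DEPTH 5
    rm -rf "$d"
}
demo
```

To audit a real host, call `audit_passwd` and `check_min` on copies of the live files instead of running `demo`.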
yaron daniel
Frequent Advisor

Re: Password Policy - HPUX 11i

Hi All

So the only commands that are in the trust system "game", if I understood, are:
tsconvert, getprpw, getprdef, modprdef, modprpw.
Did I miss anything?

10x
the truth is out there
Zeev Schultz
Honored Contributor

Re: Password Policy - HPUX 11i

Hi Yaron,

Yes and no. These are /usr/lbin commands which are intended by HP for SAM usage. So, officially, you should use SAM as it says here:

http://docs.hp.com/hpux/onlinedocs/B2355-90121/B2355-90121.html

Obviously, many of us prefer the command line as the easy way, but keep in mind that HP didn't design these commands to be used on their own. So there is little information, like man pages, around.

rgds,

Zeev
So computers don't think yet. At least not chess computers. - Seymour Cray
yaron daniel
Frequent Advisor

Re: Password Policy - HPUX 11i

Hello Zeev

1) This doc was written for HP-UX 10.10; is it also OK for HP-UX 11?
2) I want to handle all of the trust system from the command line, so that I can write scripts for operators, so I need to know which commands are in the game.

Yaron
the truth is out there
Muthukumar_5
Honored Contributor
Solution

Re: Password Policy - HPUX 11i

The commands used for trusted are,

authcap(4) - security databases for trusted systems
default(4) - system default database file for a trusted system
devassign(4) - device assignment database file for a trusted system
getdvagent, getdvagnam, setdvagent, enddvagent, putdvagnam, copydvagent(3) - manipulate device assignment database entry for a trusted system
getprdfent, getprdfnam, setprdfent, endprdfent, putprdfnam(3) - manipulate system default database entry for a trusted system
getprpwent, getprpwuid, getprpwnam, getprpwaid, setprpwent, endprpwent, putprpwnam(3) - manipulate protected password database entries (for trusted systems only).
getprtcent, getprtcnam, setprtcent, endprtcent, putprtcnam(3) - manipulate terminal control database entry for a trusted system
getspwent( ), getspwuid( ), getspwaid( ), getspwnam( ), setspwent( ), endspwent( ), fgetspwent( )(3X) - get secure password file entry on trusted systems
iscomsec(2) - check if the system has been converted to a trusted system.
prpwd(4) - protected password authentication database files used for trusted systems
ttsyncd(1M) - Daemon to maintain the password table in sync with the trusted table.
ttys(4) - terminal control database file, for trusted systems


And more: the passwd man page and tsconvert information.

You can use the 10.x versions to learn the concepts of trusted systems.
Easy to suggest when don't know about the problem!