
Password Shadowing

 
lanke_1
Advisor

Password Shadowing

Hi,

If an HP-UX 11.0 system is converted to a trusted system, should I be able to use NFS to mount the file systems across the systems?

Any ideas would be greatly appreciated.

Thanks in advance,
Lanke


10 REPLIES
Patrick Wallek
Honored Contributor

Re: Password Shadowing

Yes, NFS should still behave normally after converting to a trusted system.

What specific problems or errors are you seeing?
Robert-Jan Goossens
Honored Contributor

Re: Password Shadowing

Hi Lanke,

Yes to your question. Do you have any problems at this moment with NFS on a trusted system?

Kind regards,

Robert-Jan.
lanke_1
Advisor

Re: Password Shadowing

Hi Patrick,

Thanks for your response.

I want to implement password shadowing. I know that trusted systems do not support NIS. As I have NFS-mounted file systems across the systems, I am wondering whether a trusted system could affect NFS as well.

1) What are the things to be considered while implementing a trusted system on HP-UX 11.0 systems?

2) What are the impacts after a trusted system has been implemented (users, ftp users)?


Thanks,
Lanke
Sridhar Bhaskarla
Honored Contributor

Re: Password Shadowing

Hi,

Since NIS deals with passwords, NIS is not supported on trusted systems. NFS has no dependency on trusted systems, and you can safely use it.

As for your questions:

1. You may want to roll it out in a phased manner. First, convert the systems to trusted but do not implement any policies, so that it will be transparent to your users. After converting the system to trusted, disable the password expiry option (use SAM -> Auditing and Security -> System Security Policies) immediately so that the passwords are not expired after conversion. Chart out a site security plan, decide the policies, and slowly implement them (password expiry, bad attempts, etc.).

2. Nothing, if you have taken care of the above policies.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
RAC_1
Honored Contributor

Re: Password Shadowing

To avoid password expiry after you convert to trusted mode, use

/usr/lbin/modprpw -V
There is no substitute to HARDWORK
lanke_1
Advisor

Re: Password Shadowing

Sridhar,
Thanks for your timely response.
What about the patches?
Do I have to install any of the latest security patches?
By the way, I am on HP-UX 11.0.


Thanks once again,
Lanke




Sridhar Bhaskarla
Honored Contributor
Solution

Re: Password Shadowing

Hi,

We keep up with patches, so I haven't had any issues after converting our systems to trusted. I suggest a good site policy includes regular patching too.

But you should be ok unless the patch levels are too old.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Patrick Wallek
Honored Contributor

Re: Password Shadowing

It never hurts to have the latest security patches installed, but there are no patches that I know of that are specifically for a trusted system.
avsrini
Trusted Contributor

Re: Password Shadowing

Hi Lanke,
We are using NFS and trusted systems. We have not had any problems so far.

After converting the system to trusted mode, you have to take care of user password aging, password length, inactivity time, etc.

You can use
/usr/lbin/getprpw to get the settings
and
/usr/lbin/modprpw to modify the settings.

In HP-UX 11i, you have a man page for both commands.

Also, you can use the logins command, which gives nicely formatted output.

You can also use SAM for these tasks.

If you have any modems in use, you have to give permissions for users to access them.

Srini.
Be on top.
Timothy P. Jackson
Valued Contributor

Re: Password Shadowing

Lanke,
Although NIS is not supported, NIS+ is supported on trusted systems. Maybe you want to implement NIS+. It is a little more work as far as administration goes, but once it is all up and working it is not too bad.

Good Luck,
Tim