HPE Community
Operating System - HP-UX
1833777 Members
1994 Online
110063 Solutions
New Discussion

Root password..?

 
SOLVED
Go to solution
rvent
Frequent Advisor

‎03-09-2007 02:50 AM

‎03-09-2007 02:50 AM

Root password..?

Hello,

Today one of the other admins was trying to his password, but she messed up and ended up changing root's password to null.

I just changed root's password, but i need tto find out how to enforce the passwords so that they are not null (at least for root)

I was reading on some previous post and i got this:
/usr/lbin/getprdef -m rstrpw Which results on:
System is not trusted.

I tried man getprdef, but no man page was found. Also there is not /etc/default/security. The only "security" that "find" found was "/etc/opt/dce/security", but it is an empty folder..

Any ideas on how can i enforce passwords not being null...? And what is getprdef..? Why does my system says it is not trusted..?

Thanks
0 Kudos
Reply
5 REPLIES 5
Jeff_Traigle
Honored Contributor

‎03-09-2007 02:59 AM

‎03-09-2007 02:59 AM

Solution

Re: Root password..?

See security(4) man page. The MIN_PASSWORD_LENGTH parameter controls minimum password length. However, since your system is not running in trusted mode, it will have no effect on the root account.

Your system says it's not trusted because no one made it trusted by running tsconvert (or doing so in SAM). Your password hashes are stored in /etc/passwd (or possible /etc/shadow if you have Shadow Passwords installed).
--
Jeff Traigle
Reply
rvent
Frequent Advisor

‎03-09-2007 03:12 AM

‎03-09-2007 03:12 AM

Re: Root password..?

All the HP-UX systems that we have are part of a service guard cluster, would that affect anything..?

What would the difference be between the trusted and not trusted...?

Thanks
0 Kudos
Reply
Sundar_7
Honored Contributor

‎03-09-2007 03:16 AM

‎03-09-2007 03:16 AM

Re: Root password..?

Hi,

"Trusting" a system makes your HP-UX C2-level security complaint. Trusting comes with lots of benefits, but at times it can be a pain too.

I have seen cases where the application stopped working because of the trusted system conversion.

If you convert your system to trusted, then the passwords will be removed from /etc/passwd and /tcb tree will be created where the passwords will be stored, along with other information. This will also enable some default security measures like account lockout after specific number of unsuccessful tries and stuff.

But if you want to enforce "not null" password policy without trusting the system then it may involve some scripting or C programming. You can create a wrapper and use /usr/lib/makekey to create encrypted passwords.

Sundar.
Learn What to do ,How to do and more importantly When to do ?
Reply
Sundar_7
Honored Contributor

‎03-09-2007 03:19 AM

‎03-09-2007 03:19 AM

Re: Root password..?

It will not directly have any effect on the SG cluster but there are some applications which directly try to get the password entry from /etc/passwd and authenticate the users instead of relying on the PAM to perform the authentication for them,

If it is a plain database server, most probably you will be fine.

There are number of differences between trusted and non-trusted systems. The most obvious ones you will probably notice is the account lockout and even root will be asked for the old password before the password can be changed.

This will mean you will have couple more steps to follow when you forget the password and reboot the system in single user mode !! :-)

Sundar
Learn What to do ,How to do and more importantly When to do ?
Reply
rvent
Frequent Advisor

‎03-09-2007 03:30 AM

‎03-09-2007 03:30 AM

Re: Root password..?

Well i am not sure about how our ERP authenticates the user accounts, so i contacted the ERP tech support to see what i can expect and see if it is worth the trouble since the system only provides services to our private network...

Thanks
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.