HPE Community
Operating System - HP-UX
1834155 Members
2584 Online
110064 Solutions
New Discussion

Re: scripting tcb additions

 
Keith Floyd
Advisor

‎10-26-2000 06:47 AM

‎10-26-2000 06:47 AM

scripting tcb additions

Hi

I am trying to write a script to add users on a tcb system (we add about 12 a day)
has anyone done this ??

I am using useradd and then removing it (taking the UID and audit No) and recreating it with echo >>
I have chosen null passwd, 90 days inactivity. It all looks right to me but when I telnet in as user I still get asked for passwd.

I had taken options from a new user setup via SAM

Thanks

Keith

0 Kudos
Reply
3 REPLIES 3
Kofi ARTHIABAH
Honored Contributor

‎10-26-2000 07:52 AM

‎10-26-2000 07:52 AM

Re: scripting tcb additions

the reason you cannot just add an entry to /etc/passwd and expect it to work is because trusted systems use shadow passwds and the actual passwords are not stored in /etc/passwd but in the directory structure /tcb/files/auth/

The command you can use to modify user password properties is: modprpw

see the thread:

http://my1.itrc.hp.com/cm/QuestionAnswer/1,1150,0x8ae76c96588ad4118fef0090279cd0f9,00.html

or do a search for modprpw in the forums.

Good luck
nothing wrong with me that a few lines of code cannot fix!
0 Kudos
Reply
John Eaton
Frequent Advisor

‎10-26-2000 08:37 AM

‎10-26-2000 08:37 AM

Re: scripting tcb additions

I agree with the last response.
Trying to hand modify users on a trusted system is not recommended, unless you're very familiar with the TCB database structure.
The useradd command, by default, does not assign a password. Instead it assigns places a * in the password field, thus preventing a login, until the passwd command is executed. Removing the * allows a no password login, but by default TCB does not allow null passwords, so it forces you to set a password.
The command modprpw can be used to safely modify the TCB database, but again, is not recommended if you are unfamiliar with TCB.
I've done extensive scripting with useradd, passwd and modprpw (and getprpw). If you are still interested email me: john.eaton@cdicorp.com
0 Kudos
Reply
Madhu Sudhan_1
Respected Contributor

‎10-26-2000 09:56 AM

‎10-26-2000 09:56 AM

Re: scripting tcb additions

Just by adding an entry in the /etc/passwd will not allow the user to login into the system becuase it is a trusted system and having null password is not allowed as one of its default policy.

It also requires an entry in the trusted database "/tcb/auth/files".

The password field in /etc/passwd in a trusted system should be * and not a null.

As a whole a user must have an entry in the trusted base, as well as /etc/passwd etc.


......Madhu
Think Positive
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.