HPE Community
Operating System - HP-UX
1833996 Members
2440 Online
110063 Solutions
New Discussion

secure password

 
SOLVED
Go to solution
attilio_1
Frequent Advisor

‎07-07-2004 11:53 PM

‎07-07-2004 11:53 PM

secure password

Hi
I try to convert my server in a trusted host.
I have read that to held password in protected database in /tcb/files/auth I must
create /tcb directory and after use the command tsconvert. Is right ?
I have some questions:
after this all password are expired and is necessary enter new password with passwd or putprpwnam ?
if user are not able to login is necessary remove /tcb/files/auth/system/pw_id_map, ..gr_id_map, ..aid_id_map ?
I can use useradd or sam, as before, to add user?
there is something to change in nsswitch.conf ?
applications as oracle or web server oc4j, that has a user to run server, has some problem ?

thanks at all
Attilio


0 Kudos
Reply
3 REPLIES 3
Michael Tully
Honored Contributor

‎07-07-2004 11:59 PM

‎07-07-2004 11:59 PM

Re: secure password

You dont create any directories, tsconvert does it for you.

# tsconvert

You can use SAM to set up policies, add users etc. There is no need to touch nsswitch.conf.

The worst part of trusted is that once yo turn it on, all user password expire. Some applications do not like it, but that's part of testing ....
Anyone for a Mutiny ?
0 Kudos
Reply
Michael Tully
Honored Contributor

‎07-08-2004 12:20 AM

‎07-08-2004 12:20 AM

Solution

Re: secure password

To answer the remianing questions:

You can use SAM or useradd etc to still do user administration. It just gets treated in a slightly different manner. Most things get treated the same, just that when trusted is turned more functions are opened and used. What I always suggest with user accounts such as oracle, is that they are used as su accounts only, meaning they are not used as direct login accounts. That way they are managed well (you can see who is using them)
Anyone for a Mutiny ?
Reply
attilio_1
Frequent Advisor

‎07-08-2004 01:14 AM

‎07-08-2004 01:14 AM

Re: secure password

Hi
Thank you Michael

Bye
Attilio
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.