
Shadow file

 
SOLVED
PVR
Valued Contributor

Shadow file

Like other Unix versions, HP doesn't use a shadow file. Can anybody describe the security mechanism used by HP Unix? Which is the file carrying user age statistics?
Don't give up. Try till success...
6 REPLIES
Robert-Jan Goossens
Honored Contributor
Solution

Re: Shadow file

Hi,

Depending on your HPUX version, it does support a shadow password file. But you will need 11.11.

http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword

If you do not have this version you could convert your server to a trusted server.

Hope this helps,
Robert-Jan
Graham Cameron_1
Honored Contributor

Re: Shadow file

In a non-trusted (i.e. default) system, password ageing is done in the passwd file itself.
See man 4 passwd and look for the bit which describes the password field.

In a trusted system, it is more complicated, and you need to start here...
http://docs.hp.com/hpux/onlinedocs/B2355-90121/B2355-90121.html

-- Graham
Computers make it easier to do a lot of things, but most of the things they make it easier to do don't need to be done.
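
Added example, not part of the original thread: a decoder for the aging suffix that can follow the encrypted password in a passwd entry on a non-trusted system. It assumes the classic passwd(4) layout (a comma, then radix-64 characters: maximum weeks, minimum weeks, week of last change counted from 1970, least significant character first); the sample entries, hashes and the function names are constructed for illustration.

```python
# Added example: decode the "hash,Mmww" aging suffix of a passwd entry.
# Assumes the classic passwd(4) aging layout; verify against `man 4 passwd`.
import time

ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
WEEK = 7 * 24 * 3600

# Constructed sample entries (hashes are placeholders, not real crypt output).
SAMPLE = [
    "alice:AbCdEfGhIjKlM,6/ET:101:20:Alice,Room 1:/home/alice:/sbin/sh",
    "bob:AbCdEfGhIjKlM,..:102:20:Bob:/home/bob:/sbin/sh",
    "carol:AbCdEfGhIjKlM,./:103:20:Carol:/home/carol:/sbin/sh",
    "dave:AbCdEfGhIjKlM:104:20:Dave:/home/dave:/sbin/sh",
]

def a64(chars):
    """Radix-64 value, least significant character first (a64l order)."""
    value = 0
    for pos, ch in enumerate(chars):
        value += ALPHABET.index(ch) << (6 * pos)  # ValueError on a bad char
    return value

def parse_aging(passwd_line, now=None):
    """Return aging facts for one passwd line, or None if aging is not set."""
    fields = passwd_line.rstrip("\n").split(":")
    if len(fields) < 7:
        raise ValueError("not a 7-field passwd entry")
    # Only field 2 is inspected, so commas in the GECOS field do not matter.
    _hash, sep, age = fields[1].partition(",")
    if not sep or not age:
        return None
    max_w = a64(age[0])
    min_w = a64(age[1]) if len(age) > 1 else 0
    changed_w = a64(age[2:])  # an empty string decodes to week 0
    now_w = int((time.time() if now is None else now) // WEEK)
    return {
        "user": fields[0],
        "max_weeks": max_w,
        "min_weeks": min_w,
        "last_change_week": changed_w,
        "expires_week": changed_w + max_w,
        "expired": now_w > changed_w + max_w,   # simple max-age check only
        "force_change": max_w == 0 and min_w == 0,
        "root_only_change": min_w > max_w,
    }

if __name__ == "__main__":
    for line in SAMPLE:
        print(line.split(":")[0], parse_aging(line))
```

Run it over a copy of /etc/passwd to list accounts with no aging set (`None`) or with a root-only or forced-change marker.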
Hazem Mahmoud_3
Respected Contributor

Re: Shadow file

HP-UX uses something called a Trusted System where it stores the password files in a root-readable file (just like a shadow file). However it is organized in a different structure.
Each user has their own user file which contains their encrypted passwords, uid, # of unsuccessful logins, if the account is locked, etc.
These files are located at /tcb/files/auth//.

-Hazem
Steven E. Protter
Exalted Contributor

Re: Shadow file

There is an add-in product available at software.hp.com that allows you to shadow passwords without going trusted. That product is 11i only and shadows the passwords just like a trusted system, so I'm told.

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword

On an 11.00 system to shadow the passwords you have to go trusted.

It's not that big a deal, just a few clicks in sam.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Todd McDaniel_1
Honored Contributor

Re: Shadow file

My company uses the SecurID package which works very well with the one-time passwords.

The name on the back of my card is ACE (access control & encryption)...



Also, have a look at the /etc/hosts.allow and hosts.deny.

And have a look at the manpage for "security". It outlines many good methods for implementing security via passwords and multiple logins.... You will have to create a /etc/default/security file to insert the parameters.
Unix, the other white meat.
Bill Hassell
Honored Contributor

Re: Shadow file

HP-UX does indeed use a hidden password file but it is much stronger than the traditional Unix shadow file. Read the man page: prpwd which describes the format in detail. There are many, many features available in a Trusted system that are not found in the old shadow password design. See also: man security


Bill Hassell, sysadmin