man modprpw only exists on 11i systems or you can read the man page at docs.hp.com (see also getprpw and prpw). When you run SAM and enter the "Auditing and Security" section, selecting the first item "Auditing Events" will ask you about converting to Trusted. If you say yes, the conversion will take place. This is the supported way although you can use the undocumented /usr/lbin/tsconvert which is how SAM performs the task. Note that *everything* in /usr/lbin is considered 'backend' and subject to undocumented changes.
AS far as affecting your system, going Trusted allows you to add a lot more security to your system in the form of password controls, expiration, login restrictions, etc. A Trusted system *is* a shadow password design but far more sophisticated than the old shadow system. Whetre you may find difficulties is with application programs that have archaic code for authentication that acceses the password files directly rather than using PAM modules. If this turns out to be the case, the /usr/lbin/tscovert -r (-r=revert, -c=convert) command can put everything back to normal.
Since a Trusted system understands and honors long passwords, a user that had a long (more than 8 chars) password must type only the first 8 in a Trusted system to login. Once in, the user may then create a new password that is longer than 8 chars and it will be validated only when the exact password is entered. And conversely, if a user picks a long password and the system is subsequently converted back to non-Trusted, the password will never work and must be reset by root.
While this may seem complicated, trusted systems do offer a clean and stable way to ensure good security controls, most of which are not available in a non-trusted system.
Bill Hassell, sysadmin
