HPE Community
Operating System - HP-UX
1832552 Members
6188 Online
110043 Solutions
New Discussion

shadow passwd file on a NON-trusted machine.

 
B. Chapman
Frequent Advisor

‎12-19-2000 08:03 AM

‎12-19-2000 08:03 AM

shadow passwd file on a NON-trusted machine.

Is it possible to implement a shadow passwd file WITHOUT converting to a trusted system?

Thanks in advace...
Ben Chapman
bchapman@telcordia.com
0 Kudos
Reply
13 REPLIES 13
Senta Buck
Advisor

‎12-19-2000 08:08 AM

‎12-19-2000 08:08 AM

Re: shadow passwd file on a NON-trusted machine.

Yes it is.
We only have a system called schiller.
0 Kudos
Reply
Senta Buck
Advisor

‎12-19-2000 08:10 AM

‎12-19-2000 08:10 AM

Re: shadow passwd file on a NON-trusted machine.

Do you know how to create?
Otherwise:
senta@senta.ch
We only have a system called schiller.
0 Kudos
Reply
CHRIS_ANORUO
Honored Contributor

‎12-19-2000 08:15 AM

‎12-19-2000 08:15 AM

Re: shadow passwd file on a NON-trusted machine.

It is better to convert to TS to have all the seurity works.
When We Seek To Discover The Best In Others, We Somehow Bring Out The Best In Ourselves.
0 Kudos
Reply
Dan Hetzel
Honored Contributor

‎12-19-2000 08:19 AM

‎12-19-2000 08:19 AM

Re: shadow passwd file on a NON-trusted machine.

Hi Senta Buck,

As I've been believing until now that this wasn't possible on HP-UX,
I'd really like to learn how you managed to convert your passwd file without converting to trusted system.

Could you please explain ?

Thanks,

Dan
Everybody knows at least one thing worth sharing -- mailto:dan.hetzel@wildcroft.com
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

‎12-19-2000 09:07 AM

‎12-19-2000 09:07 AM

Re: shadow passwd file on a NON-trusted machine.

Hi Dan,
Well done! when did you change hat? (Ive missed something?)

About this question, except creating /.secure/etc/passwd but Ive not tested this under HPUX10 or 11, there is always pwconv, but the result is very similar (if not the same) to a trusted system...
I agree with you I would like to know a bit more, and in fact am quite surprised by such an answer: yes I know, if you dont know how then heres my email...
I find it in contradiction with the spirit of such a forum, you are here because you wish to learn, or share your knowledge in an open way, accept to answer when asked... with every one...

0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎12-20-2000 06:31 PM

‎12-20-2000 06:31 PM

Re: shadow passwd file on a NON-trusted machine.

I am surprised by the answer as well. I have always been under the impression that in order to have a shadow password file you had to be on a trusted system.

I, too, would be very interested in knowing how to do it. Especially if it is a way that is supported by HP.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎12-20-2000 06:58 PM

‎12-20-2000 06:58 PM

Re: shadow passwd file on a NON-trusted machine.

The login/passwd commands as wellas many library routines would all have to be modified in order to find the hidden password file. The standard commands do not have any knowledge of the shadow password file...thus it will not be used. A strings search of /usr/bin/login shows no references to the /.secure location.


Bill Hassell, sysadmin
0 Kudos
Reply
Senta Buck
Advisor

‎12-21-2000 01:06 AM

‎12-21-2000 01:06 AM

Re: shadow passwd file on a NON-trusted machine.

Dear Dan, Dear Victor
I read this question and I didn't know the answer. But I really want to know the answer.

So I ask some of the guys who sit arround me.
(all guys with more than 5 year unix experience)
And they say "yes it is." I don't now until today how I can do "this" without converting to a trusted system. But as they say "it is possible" I belive in their knowledge.

To find out by myself I take one of our testsystems and... I try to find out, without their help.
If I can't get a result, I will ask them how they "fix this".

And the result... of course I will poste in this forum, not by email.


Thanks
We only have a system called schiller.
0 Kudos
Reply
Senta Buck
Advisor

‎12-21-2000 01:32 AM

‎12-21-2000 01:32 AM

Re: shadow passwd file on a NON-trusted machine.

Finally it was my fault to "just" trust in their answer(whitout testing by myself).
But this is all.

We only have a system called schiller.
0 Kudos
Reply
B. Chapman
Frequent Advisor

‎12-21-2000 06:23 AM

‎12-21-2000 06:23 AM

Re: shadow passwd file on a NON-trusted machine.

Senta,

Thanks for at least trying! I appreciate the help. For now, I'm just going to convert one of my test systems to a TS - which is kind of a segue to another question: Does anyone run Oracle 7.x, 8.x, or 8i on a TS? Are there any licensing dilemnas? SQL*Net dilemnas? I really should be posting this type of question on an Oracle forum - but since I'm here right now! ;-)

Thanks again Senta-
Ben.
bchapman@telcordia.com
0 Kudos
Reply
Dan Hetzel
Honored Contributor

‎12-21-2000 07:01 AM

‎12-21-2000 07:01 AM

Re: shadow passwd file on a NON-trusted machine.

Senta,

That's OK. You've definitely been misinformed.

Victor,

You're right, it's a brand new hat. Just before the turn of the century, by chance.

Running 'pwconv' will tell you that your system isn't a trusted host and will ask you if you want to convert it to.
Back to square one...

Ben,

I'm afraid that you'll have to convert to trusted host if you want to have the password shadowing. You can turn all the auditing off anyway. It doesn't make much difference, apart from the password restrictions.

Best regards and merry Christmas to all

Dan
Everybody knows at least one thing worth sharing -- mailto:dan.hetzel@wildcroft.com
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

‎12-21-2000 07:36 AM

‎12-21-2000 07:36 AM

Re: shadow passwd file on a NON-trusted machine.

I run oracle on trusted systems, no there is no licensing dilemna that I know of...
Good luck

0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

‎12-21-2000 08:03 AM

‎12-21-2000 08:03 AM

Re: shadow passwd file on a NON-trusted machine.

Dear Senta,
Thanks for keeping in touch, you made us revise, my apologies if I offenced you...
Did us some good to wonder if our certitudes were still up to date...
Best wishes

Victor
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.