HPE Community
Operating System - HP-UX
1821645 Members
2976 Online
109633 Solutions
New Discussion юеВ

Shadow Passwd

 
SOLVED
Go to solution
PVM_2
Occasional Contributor

тАО04-11-2011 09:13 PM

тАО04-11-2011 09:13 PM

Shadow Passwd

Hi,

Converting /etc/passwd to /etc/shadow using pwconv will affect applications.I have oracle users in my system.System is HP-UX 11.23.

Regards,
PVM.
0 Kudos
Reply
4 REPLIES 4
YMP
New Member

тАО04-12-2011 12:37 AM

тАО04-12-2011 12:37 AM

Re: Shadow Passwd

Hello PVM,

When you convert /etc/passwd file to /etc/shadow, all the user's password gets lock.You need to reset the password with password complexity.So if your application user created on OS level then you need to reset/unlock the user.

Thanks

Reply
Matti_Kurkela
Honored Contributor

тАО04-12-2011 04:38 AM - last edited on тАО08-04-2011 09:14 AM by

тАО04-12-2011 04:38 AM - last edited on тАО08-04-2011 09:14 AM by

Solution

Re: Shadow Passwd

[Will it affect applications?]

The answer will be very similar to the situation with the Trusted System mode in your earlier thread:

http://h30499.www3.hp.com/t5/System-Administration/Changing-Untrusted-system-to-Trusted-System/m-p/4775901#M390435

 

If your application does not use HP-UX system passwords or any other authentication information, it will not be affected at all.

If the application uses PAM libraries to perform authentication, it will most likely not be affected at all.

But if the application expects to read password hashes from /etc/passwd (either by reading the file directly, or by using getpwent()/getpwuid()/getpwnam() system calls) and cannot support the /etc/shadow-specific fgetspent()/getspnam() system calls, the authentication functions of the application will fail.

On one hand, the getsp...() system calls are standard in many other Unix-style OSs, so many multi-platform applications should be easy to convert to use them on HP-UX too.

On the other hand, the shadow password system is much newer on HP-UX specifically than the old Trusted System mode, so if the application is old and it has not been updated for 11.23/11.31, it is somewhat more likely to have problems with shadow passwords than with the Trusted System mode.

MK

MK
Reply
Viktor Balogh
Honored Contributor

тАО04-12-2011 05:52 AM

тАО04-12-2011 05:52 AM

Re: Shadow Passwd

>When you convert /etc/passwd file to /etc/shadow, all the user's password gets lock.
>You need to reset the password with password complexity

this is not true. with pwconv, all the password hashes in /etc/passwd will be replaced with an "x", and the existing hashed will be transferred to /etc/shadow. so this means that after a pwconv every user can log in with his/her old password. this is also true to backconverting with pwunconv, the passwords will be retained.
****
Unix operates with beer.
Reply
aht
New Member

тАО12-03-2012 03:48 AM

тАО12-03-2012 03:48 AM

Re: pwconv

we have ia64 hp server rx8640 setup as nPar running 11.23 and we ran pwconv to convert the system to use the shadow passwords. System was not a trusted system. System has locked out all the users login including root. No user can login incl root. Now have to reset the super user password using Single user mode and reboot !!

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.