- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Shadow Password Usage/Install - Issues?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-23-2004 02:06 PM
08-23-2004 02:06 PM
Say, I'm really worried about the OS HPUX with RAC, in particular, 10g.. should I get the vendor Oracle's approval before I install on 11i Production using Rac 10g ? I would hate to break production or wait for a patch from an outside vendor..
Thx in adv..
BTW,
I've installed the package on two test systems, and no problems, but its not production environment running Rac 10g.
see:
http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword
also a thread under HP's Security Form:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=590554
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-23-2004 02:12 PM
08-23-2004 02:12 PM
SolutionWe don't take that intermediate step - we convert to full trusted. Every system - period.
Have *not* had a single problem to date.
That covers literally hundreds of systems.
So my advice to you would be - don't mess around with the relatively new shadow PW - do the right thing & go trusted.
It's *much* more secure.
My $0.02,
Jeff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-23-2004 02:47 PM
08-23-2004 02:47 PM
Re: Shadow Password Usage/Install - Issues?
I personally haven't played with shadow password support, but one thing I've heard that is different from Trusted Systems is that Shadow Password support will be integrated into NIS in a coming release, where as I've heard of no plans to integrate NIS with Trusted Systems.
Even if NIS is not used in your shop, my point is to get you thinking not only in terms of security, but of integration with your name server and authentication mechanisms. If you choose a security model, either Shadow or Trusted, be sure to understand the implications of integrating support for those security models with whatever authentication back-end name service you plan to use in your environment.
Regards,
Dave
I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-24-2004 01:10 AM
08-24-2004 01:10 AM
Re: Shadow Password Usage/Install - Issues?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2004 03:38 AM
09-03-2004 03:38 AM
Re: Shadow Password Usage/Install - Issues?
After installing Shadow, the Informix database access users can not login. (The users come in via tcp clients and informix database authenticates via normal unix system login using /etc/password file.)
The Informix versions used are: 7.31 and 9.30.
The fix is simple: take the encrypted password from /etc/shadow and copy it back into the database user's account in /etc/passwd.
The other vendor: Oracle, apparently has patches to use Shadow.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2004 04:25 AM
09-03-2004 04:25 AM
Re: Shadow Password Usage/Install - Issues?
Well that "fix" kind of negates the purpose of Shadow PW because the "standard" /etc/passwd is world readable whereas the shadow is not.
The purpose being that a "normal" user can't grab a copy of the passwd file, take it off system & run crack or John the Ripper against it.
Personally I've never seen Informix have a problem with the TCB (Trusted Computing Base) structure that a trusted system uses.
You might talk to Informix about using the authentication method on the HP version that they use on Sun because all Sun system utilize the shadow PW principle.
My $0.02,
Jeff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-07-2004 12:25 AM
09-07-2004 12:25 AM
Re: Shadow Password Usage/Install - Issues?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-07-2004 01:01 PM
09-07-2004 01:01 PM
Re: Shadow Password Usage/Install - Issues?
- turned on Trusted via SAM and here's the difference when looking at file from /.
diff# diff /tmp/nontrusted /tmp/trusted
1264a1265
> /tmp/trusted
58015a58017
> /var/spool/sockets/pwgr/client4708
58017d58018
< /var/spool/sockets/pwgr/client4412
58018a58020
> /var/spool/sockets/pwgr/client4567
58053a58056,58057
> /var/spool/cron/.ataids
> /var/spool/cron/.cronaids
58377d58380
< /var/sam/ann.dion
58378a58382,58383
> /var/sam/sam_tm_work
> /var/sam/ann.dion
59496a59502,59506
> /.secure
> /.secure/etc
> /.secure/etc/audnames
> /.secure/etc/audfile1
> /.secure/etc/audfile2
59512a59523,59594
> /tcb
> /tcb/files
> /tcb/files/auth
> /tcb/files/auth/system
> /tcb/files/auth/system/default
> /tcb/files/auth/system/maxaid
> /tcb/files/auth/a
> /tcb/files/auth/a/adm
> /tcb/files/auth/b
> /tcb/files/auth/b/bin
> /tcb/files/auth/c
> /tcb/files/auth/d
> /tcb/files/auth/d/daemon
> /tcb/files/auth/e
> /tcb/files/auth/f
> /tcb/files/auth/g
> /tcb/files/auth/h
> /tcb/files/auth/h/hpdb
> /tcb/files/auth/i
> /tcb/files/auth/j
> /tcb/files/auth/k
> /tcb/files/auth/l
> /tcb/files/auth/l/lp
> /tcb/files/auth/m
> /tcb/files/auth/n
> /tcb/files/auth/n/nuucp
> /tcb/files/auth/o
> /tcb/files/auth/p
> /tcb/files/auth/q
> /tcb/files/auth/r
> /tcb/files/auth/r/root
> /tcb/files/auth/s
> /tcb/files/auth/s/sys
> /tcb/files/auth/s/smbnull
> /tcb/files/auth/t
> /tcb/files/auth/u
> /tcb/files/auth/u/uucp
> /tcb/files/auth/v
> /tcb/files/auth/w
> /tcb/files/auth/w/www
> /tcb/files/auth/w/webadmin
> /tcb/files/auth/x
> /tcb/files/auth/y
> /tcb/files/auth/z
> /tcb/files/auth/A
> /tcb/files/auth/B
> /tcb/files/auth/C
> /tcb/files/auth/D
> /tcb/files/auth/E
> /tcb/files/auth/F
> /tcb/files/auth/G
> /tcb/files/auth/H
> /tcb/files/auth/I
> /tcb/files/auth/J
> /tcb/files/auth/K
> /tcb/files/auth/L
> /tcb/files/auth/M
> /tcb/files/auth/N
> /tcb/files/auth/O
> /tcb/files/auth/P
> /tcb/files/auth/Q
> /tcb/files/auth/R
> /tcb/files/auth/S
> /tcb/files/auth/T
> /tcb/files/auth/U
> /tcb/files/auth/V
> /tcb/files/auth/W
> /tcb/files/auth/X
> /tcb/files/auth/Y
> /tcb/files/auth/Z
> /tcb/files/ttys
> /tcb/files/devassign
#
I'll have to say, linux rules in this situation. that TCB does not have: /etc/shadow file!
closed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-07-2004 01:01 PM
09-07-2004 01:01 PM