HPE Community
Operating System - HP-UX
1830729 Members
2183 Online
110015 Solutions
New Discussion

shadowing /etc/passwd

 
SOLVED
Go to solution
John_608
Advisor

‎12-02-2003 01:10 AM

‎12-02-2003 01:10 AM

shadowing /etc/passwd

I am running d class server with hpux 10.20 how do i shaddow the password file tsconvert does not seem to exist as in hpux11
0 Kudos
Reply
14 REPLIES 14
Patrick Wallek
Honored Contributor

‎12-02-2003 01:11 AM

‎12-02-2003 01:11 AM

Solution

Re: shadowing /etc/passwd

tsconvert does exist in HP-UX 10.20. It is in the /usr/lbin directory.
Reply
John_608
Advisor

‎12-02-2003 01:14 AM

‎12-02-2003 01:14 AM

Re: shadowing /etc/passwd

do i simply run this as i do in 11.X
0 Kudos
Reply
melvyn burnard
Honored Contributor

‎12-02-2003 01:27 AM

‎12-02-2003 01:27 AM

Re: shadowing /etc/passwd

Yes
But the BETTER way is to run it from SAM, as there have been known issues with running the manual command
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎12-02-2003 01:28 AM

‎12-02-2003 01:28 AM

Re: shadowing /etc/passwd

Yes. It works pretty much the same as in 11.
0 Kudos
Reply
Darren Prior
Honored Contributor

‎12-02-2003 01:59 AM

‎12-02-2003 01:59 AM

Re: shadowing /etc/passwd

Hi,

Please ensure your system is well patched BEFORE you run tsconvert. The supported way to convert the system is via SAM, which of course uses tsconvert.

There are a number of trusted system patches that you must have otherwise tsconvert can cause problems.

regards,

Darren.
Calm down. It's only ones and zeros...
Reply
John_608
Advisor

‎12-02-2003 02:45 AM

‎12-02-2003 02:45 AM

Re: shadowing /etc/passwd

can someone please tell me patches are needed as this machine is not patched.

points to be awarded at end.

thanks
john.
0 Kudos
Reply
Darren Prior
Honored Contributor

‎12-02-2003 02:55 AM

‎12-02-2003 02:55 AM

Re: shadowing /etc/passwd

Hi John,

at the very least you need:

PHCO_8246
PHCO_8247
PHCO_17218
PHCO_22768

and the following SAM patches:

PHCO_12236
PHCO_22268

You must also realise that there are many other essential patches for 10.20 (ie PHKL_16751), and that it is an obsolete, out of support OS.

regards,

Darren.
Calm down. It's only ones and zeros...
Reply
Emil Velez
Honored Contributor

‎12-02-2003 11:19 AM

‎12-02-2003 11:19 AM

Re: shadowing /etc/passwd

tsconvert is the trusted systems conversions. the passwords are put in /tcb

HPUX 11.11 supports the true shadow password functionality with pwconv and pwunconv.

I just wanted to make sure you understand that this is not the shadow password functionaity.

Sam can convert a system from trusted mode and back when you go into auditing and security.

Good luck
0 Kudos
Reply
John_608
Advisor

‎12-02-2003 08:34 PM

‎12-02-2003 08:34 PM

Re: shadowing /etc/passwd

in hpux 11 tsconvert creates a /tcb directory but i cant see where the files are in 10.20 any help appreciated.
0 Kudos
Reply
Darren Prior
Honored Contributor

‎12-02-2003 09:05 PM

‎12-02-2003 09:05 PM

Re: shadowing /etc/passwd

Hi John,

The files are under /tcb at 10.20 too. If you've already trusted the system then /etc/passwd will have asterisks instead of passwords for each user.

It really is better to use SAM to trust the system, it is the supported way and I think it gives you more info if there are errors. Did tsconvert complete successfully, were there any error messages returned, was the return code 0?

regards,

Darren.
Calm down. It's only ones and zeros...
Reply
John_608
Advisor

‎12-02-2003 09:34 PM

‎12-02-2003 09:34 PM

Re: shadowing /etc/passwd

Darren i am looking at a converted system. not by me. and there are asterics in the passwd file but no /tcb directory. when tsconvert is run or sam is run can a different directory be specified ?

cheers
John.
0 Kudos
Reply
Darren Prior
Honored Contributor

‎12-02-2003 09:44 PM

‎12-02-2003 09:44 PM

Re: shadowing /etc/passwd

Hmmm - and the accounts with asterisks includes non-system accounts? (lp, bin and a few others are normally disabled and so have an asterisk in their passwd field.)

To the best of my knowledge there is no choice of directory for /tcb, so if /tcb doesn't exist then something has gone wrong.

Is the system patched with the tsconvert and SAM patches? Are all the other critical patches installed?

The following command will highlight any unconfigured filesets:
swlist -l fileset -a state | grep -ve configured -e \#

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
John_608
Advisor

‎12-02-2003 10:16 PM

‎12-02-2003 10:16 PM

Re: shadowing /etc/passwd

Darren

guess who only looked at the initial part of the passwd file for asterics ! sorry i wasted your time problem resolved.

John.
0 Kudos
Reply
Hazem Mahmoud_3
Respected Contributor

‎12-02-2003 10:30 PM

‎12-02-2003 10:30 PM

Re: shadowing /etc/passwd

Just an fyi, but if you want to know if a system has been converted to a trusted system, execute "/usr/lbin/getprdef -r". If it says something to the effect of "your system is not trusted", then you'll know. That's usually a quicker and surer way of knowing.

-Hazem
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.