Operating System - HP-UX

trusted and shadow password

 
Elena Leontieva
Esteemed Contributor

trusted and shadow password

Hello,

The Shadow Password is installed on the server running HP-UX 11i v1. We are going to convert the system to Trusted mode. Does Shadow Password work in trusted mode?

Are there any known issues with HP-UX Secure Shell A.04.40.006 in trusted mode?


Thanks,
Elena.
Steven E. Protter
Exalted Contributor

Re: trusted and shadow password

Shalom Elena,

The conversion from shadow password to trusted mode may fail. If it does, you may need to get shadow password out before going trusted.

Shadow password gets the password out of the /etc/passwd file into a file called /etc/shadow.

Trusted system takes the passwords and puts them into a single file for every user in the /tcb folder.

It's more secure than shadow but may not be compatible.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Patrick Wallek
Honored Contributor

Re: trusted and shadow password

You will have to turn off the shadow password and then convert to trusted.

The 'pwunconv' command converts back to a regular /etc/passwd file (no /etc/shadow). From there you can convert to a trusted system.
Peter Nikitka
Honored Contributor

Re: trusted and shadow password

Hi,

Note that you will lose the password aging information of /etc/shadow - you'll have to set this up as new on your trusted system!

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
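
The aging loss mentioned in the reply above, as an added example that is not part of the thread: a shell sketch that records the aging fields of a shadow-format file before pwunconv is run, so they can be re-entered by hand after the conversion. It assumes the shadow(4) field layout name:password:lastchg:min:max:warn:inactive:expire:reserved; the function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: keep a record of password-aging settings before pwunconv.
# Assumed layout (shadow(4)):
#   name:password:lastchg:min:max:warn:inactive:expire:reserved
# The password hash (field 2) is never written to the output.

export_aging() {
    # Reads shadow-format lines on stdin.
    # Prints: name lastchg min max warn inactive expire ("-" = not set)
    awk -F: '
        /^#/ || NF < 2 { next }          # skip comments and malformed lines
        {
            printf "%s", $1
            for (i = 3; i <= 8; i++)      # aging fields only
                printf " %s", ($i == "" ? "-" : $i)
            printf "\n"
        }'
}

count_aged() {
    # Number of accounts on stdin that have a maximum password age (field 5).
    awk -F: '$5 != "" { n++ } END { print n + 0 }'
}

# Constructed sample input (dummy hashes, not taken from a real system).
sample_shadow() {
    cat <<'EOF'
root:DUMMYHASH1:13000:0:90:7:::
elena:DUMMYHASH2:13100:1:60:14:30::
nobody:*:::::::
EOF
}

if [ "${1:-}" = "--demo" ]; then
    sample_shadow | export_aging
    echo "accounts with max age set: $(sample_shadow | count_aged)"
fi
```

On a real system the input would be the shadow file itself, read as root before pwunconv, for example `export_aging < /etc/shadow > aging-record.txt`, with the record kept in a root-only location.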
Bill Hassell
Honored Contributor
Solution

Re: trusted and shadow password

The shadow password product is incompatible with a Trusted system. You have to choose one or the other. A Trusted system has more security features but requires a separate database (/tcb directory) to store all the attributes and settings.


Bill Hassell, sysadmin
Elena Leontieva
Esteemed Contributor

Re: trusted and shadow password

Yes, that is what I thought ... and I did the following:
pwunconv
reboot
swremove ShadowPW

Note that swlist still shows the Shadow Password bundle even though the ShadowPW is not on the system. I feel the removal of the Shadow Password software is kind of flaky.

Thanks for your help.
Elena.