HPE Community
Operating System - HP-UX
1830898 Members
2234 Online
110017 Solutions
New Discussion

Re: Trusted computer base in HP-UX

 
SOLVED
Go to solution
Amit Manna_6
Regular Advisor

‎06-02-2004 04:54 PM

‎06-02-2004 04:54 PM

Trusted computer base in HP-UX

Hi,

Can anybody please let me know how to implement TCB in HP-UX 11.0. Please let me know if there is some good doc on the HP Site.

Thanks and Regards,

Amit Manna
0 Kudos
Reply
7 REPLIES 7
Joseph Loo
Honored Contributor

‎06-02-2004 05:28 PM

‎06-02-2004 05:28 PM

Re: Trusted computer base in HP-UX

hi,

a good doc will be:

http://www.docs.hp.com/hpux/onlinedocs/B2355-90121/B2355-90121.html

especially "Setting Up Your C2-Level Trusted System" to setup.

regards.
what you do not see does not mean you should not believe
0 Kudos
Reply
Hoefnix
Honored Contributor

‎06-02-2004 05:34 PM

‎06-02-2004 05:34 PM

Solution

Re: Trusted computer base in HP-UX

Amit,

tsconvert will do the job, but you can better convert via SAM.

Found some doc's but they are for 11i.
http://docs.hp.com/hpux/pdf/B2355-90781docs.pdf

http://docs.hp.com/hpux/pdf/B2355-90782docs.pdf

http://docs.hp.com/hpux/pdf/B2355-90780docs.pdf

Check also some threads on this forum (check TCB) because there are allot points of attention when converting a live system to TCB.

Example:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=112704


HTH,
Peter
Reply
doug hosking
Esteemed Contributor

‎06-03-2004 09:44 PM

‎06-03-2004 09:44 PM

Re: Trusted computer base in HP-UX

Also be sure you are current on patches, especially for libsec. Some of the libsec patches are important for minimizing performance impact on the system, especially on large memory/IO configurations.
0 Kudos
Reply
John Carr_2
Honored Contributor

‎06-03-2004 09:48 PM

‎06-03-2004 09:48 PM

Re: Trusted computer base in HP-UX

Hi

make sure your root password is not longer than 8 characters or the conversion program will truncate it in the process and you will not be able to login as root. Ensure when you run tsconvert or through sam you have another root window open in case of problems.

also be aware that after conversion users will be forced to change password unless you issue command /usr/lbin/modprpw -V

you can use the search box at the top of the page to search for tsconvert and find lots of previous psoting on this subject.

john.
0 Kudos
Reply
doug hosking
Esteemed Contributor

‎06-03-2004 10:05 PM

‎06-03-2004 10:05 PM

Re: Trusted computer base in HP-UX

Actually, the passwords are ALWAYS truncated to at most 8 characters in standard mode. Anything after 8 characters is simply ignored when typed. The conversion process doesn't truncate passwords; it only changes the way existing passwords are interpreted. But the overall point is still valid - be careful if you think you have passwords more than 8 characters. If you set a long password AFTER the conversion to trusted mode, all the characters will be used in the comparison, because trusted mode stores passowrds in a form where there is space for the longer ones. Oh, the joys of backward compatibility...
0 Kudos
Reply
John Carr_2
Honored Contributor

‎06-03-2004 10:13 PM

‎06-03-2004 10:13 PM

Re: Trusted computer base in HP-UX

Amit

also ensure your system is patched for tscovert, HP recommended patch level PHCO_28980

John.
0 Kudos
Reply
Bharat Katkar
Honored Contributor

‎06-04-2004 12:51 AM

‎06-04-2004 12:51 AM

Re: Trusted computer base in HP-UX

Hi Amit,
Find attached the docs for implementing TCB on your system.
Hope that helps.
Regards,
You need to know a lot to actually know how little you know
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.