Operating System - HP-UX

Trusted MC/ServiceGuard system ?

 
John McKiernan
Advisor

Trusted MC/ServiceGuard system ?

Security procedures suggest I convert a server to trusted mode. But I am concerned about the implication of MC/ServiceGuard, which is the primary feature of this DB backend system. Has MC/SG been certified with trusted mode? What documentation is available regarding issues?
Sridhar Bhaskarla
Honored Contributor

Re: Trusted MC/ServiceGuard system ?

Hi John,

We do have many implementations here where trusted systems are on ServiceGuard.
ServiceGuard and the trusted feature are two separate, independent entities.

You can safely convert the systems to trusted.


-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Martin Johnson
Honored Contributor

Re: Trusted MC/ServiceGuard system ?

All our ServiceGuarded systems are trusted. We have never had any problems caused by the two running on the same system.

HTH
Marty
Ashwani Kashyap
Honored Contributor

Re: Trusted MC/ServiceGuard system ?

I am running several SG clusters in trusted mode without any problems.

Just last week I converted another running cluster from untrusted to trusted mode without any problems.
Go for it. And the trusted computing base and MC SG are totally different features/products, so you don't have to worry about any issues.
Juan Manuel López
Valued Contributor

Re: Trusted MC/ServiceGuard system ?

All our systems are in trusted mode. We also have an HP-UX cluster on a trusted system, and there is no problem with it.
I suggest you convert your system to a trusted system to increase the system security.

The "tsconvert -c" command will help you.

I hope this helps you.

Regards.

Juanma.
I would like to lie on a beautiful beach spending my life doing nothing, so somebody has to do this job.
Steven Sim Kok Leong
Honored Contributor

Re: Trusted MC/ServiceGuard system ?

Hi,

We have been using MC/ServiceGuard clusters of SAP and Oracle databases residing on trusted (i.e. tcb-converted) HP-UX 11.00 without issues.

Hope this helps. Regards.

Steven Sim Kok Leong
Christian Gebhardt
Honored Contributor

Re: Trusted MC/ServiceGuard system ?

We also have all our systems trusted, with MCSG on them and several databases in different DB releases.

Chris
John McKiernan
Advisor

Re: Trusted MC/ServiceGuard system ?

Given this uniform opinion that this is safe, why is it I can't login any more after the change?! Results:

bastion$ ssh db1-m
jmckiern@db1-m's password:
Permission denied, please try again.
jmckiern@db1-m's password:

"telnet" and "r" services were previously disabled, and SSH was the only way in. Now it doesn't work. I tried several non-UID-0 accounts and a UID-0 account. The latter fails because of the /etc/securetty data.

While I was on the server after "tsconvert", I saw good copies of the password ciphers in /tcb/files/auth. My UID-0 shell timed out and I can't get it back or make new connections to it.

I converted only one node, the other still works, and the application is not yet "live".
Christian Gebhardt
Honored Contributor

Re: Trusted MC/ServiceGuard system ?

Hi,

What is the error message from the sshd (normally located in syslog)? You can start sshd with option -d to see verbose output. Multiple -d options increase the debugging level.

Try to connect with ssh -v.

We only use openssh to connect to our servers (all trusted) and it works really fine.

Chris
Steven Sim Kok Leong
Honored Contributor

Re: Trusted MC/ServiceGuard system ?

Hi,

When you convert a system to trusted, more stringent default password policies apply.

If your existing user passwords do not follow these new policies of TCB such as minimum password length, your access using the old password will be blocked until you change it.

Have you tried troubleshooting yourself?

1) Enable telnet and see if it works. If access works, then the problem lies with SSH. What version were you using and was it compiled with tcb? If access does not work, it is likely due to password policies. Try 2).

2) Change the password of the user. Use root to change the user account's password to alphanumeric and greater than 8 characters long and see if it now works.

Hope this helps. Regards.

Steven Sim Kok Leong