Operating System - HP-UX

Trusted System Configuration

 
Jim Mallett
Honored Contributor


I've gone through the manual and I've converted a test system to a Trusted System so I'm pretty comfortable with it.

One thing I am unable to find is: Is it possible to set the password controls (i.e. aging, expiration, time-based) during the conversion? I'd rather not have to go through every account afterwards and make the adjustments.

Any thoughts are appreciated.

Jim Mallett
Hindsight is 20/20
5 REPLIES
Stefan Farrelly
Honored Contributor

Re: Trusted System Configuration

When you convert it will use the default password aging/expiration etc. settings.

I don't think you can change these settings once you convert. After you convert there is a default settings file for all new accounts added, but not those converted. You can easily write a script to use the modprpw command to set the settings you want for all users straight after you convert to trusted.

I'm from Palmerston North, New Zealand, but somehow ended up in London...
Ken Penland_1
Trusted Contributor

Re: Trusted System Configuration

Sure, using the modprdef command will do that for you... Attached is what I have for documentation on it. Basically the syntax would go something like this:

/usr/lbin/modprdef -m lftm=120,exptm=90

That would set the default password lifetime to 120, and the password expire time to 90 days. Check out the txt file for more.



Keith Buck
Respected Contributor

Re: Trusted System Configuration

The latest version of HP-UX Bastille will help you set some of these password policies, including max, min, and warn times. It will also do the conversion to trusted mode if desired.

If you'd like the implementation details, you can look in AccountSecurity.pm, sub setPWpolicies, which has examples of using the underlying commands, and a loop to go through all users.

Time-based access controls aren't currently in Bastille... sorry. An option is to look at the SAM log when you change one user to see the right options for modprdef, then write a quick shell/perl script to loop through all users.

Hope that helps.

-Keith
Steven E. Protter
Exalted Contributor

Re: Trusted System Configuration

You can also set this stuff with a combination of the useradd command and the passwd command.

When you add the user, the features for making the user expire if they don't use the id for x number of days will work.

I set those policies in the scripts that operations uses to create the user. Default user policy I set in sam because I was lazy that day.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Darren Prior
Honored Contributor

Re: Trusted System Configuration

Hi Jim,

Just to add to some of the previous responses: the /tcb/files/auth/system/default file contains default settings for the ageing, etc. This file is overridden if any of the parameters are contained in a user's tcb file. Hence if you have a house policy of password ageing you can apply it to everyone using the default file; any individual that needs special settings (e.g. a short-term account) can be defined separately.

regards,

Darren.
Calm down. It's only ones and zeros...
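
The per-user loop that Stefan and Keith suggest, sketched as an added example (not code posted by anyone in this thread, and not taken from Bastille). It reuses the lftm/exptm values from Ken's post with modprpw -m; the MIN_UID cut-off, the name checks and the sample passwd lines are constructed assumptions. It prints the commands as a dry run unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: build one modprpw command per ordinary account so a single
# aging policy is applied to every user right after the trusted conversion.
MODPRPW=/usr/lbin/modprpw
FIELDS="lftm=120,exptm=90"   # field values quoted in the thread
MIN_UID=100                  # assumption: lower UIDs are system accounts

# gen_cmds: passwd-format lines on stdin, one modprpw command per eligible
# user on stdout. Malformed or unsafe entries are skipped and reported.
gen_cmds() {
    while IFS=: read -r name _pw uid _rest; do
        case "$name" in ''|\#*) continue ;; esac
        # The name ends up on a root command line: allow only plain names.
        case "$name" in
            -*|*[!A-Za-z0-9._-]*) echo "skip (unsafe name): $name" >&2; continue ;;
        esac
        case "$uid" in
            ''|*[!0-9]*) echo "skip (bad uid): $name" >&2; continue ;;
        esac
        [ "$uid" -ge "$MIN_UID" ] || continue
        printf '%s -m %s %s\n' "$MODPRPW" "$FIELDS" "$name"
    done
}

# Constructed sample input, shaped like /etc/passwd on a trusted system.
sample_passwd() {
cat <<'EOF'
root:*:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
jdoe:*:101:20:J Doe:/home/jdoe:/usr/bin/sh
tmpacct:*:102:20:Short term:/home/tmpacct:/usr/bin/sh
bad;name:*:103:20::/home/x:/usr/bin/sh
+::::::
EOF
}

# apply_policy: dry run by default; APPLY=1 runs each command (as root).
apply_policy() {
    gen_cmds | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || echo "failed: $cmd" >&2
        else
            echo "$cmd"
        fi
    done
}

sample_passwd | apply_policy
```

On a real host, feed /etc/passwd to apply_policy instead of the sample and review the dry-run output before setting APPLY=1; accounts that need different settings, such as the short-term account Darren mentions, can be adjusted individually afterwards.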