HPE Community
Operating System - HP-UX
1838560 Members
3120 Online
110127 Solutions
New Discussion

Re: Trusted System

 
Paul McCleary
Honored Contributor

‎11-06-2001 06:47 AM

‎11-06-2001 06:47 AM

Trusted System


Does anybody know what the overhead of implementing a trusted system is? Other than performance (any idea what the performance hit is?).

Are there other issues such as not being able to recover when the root password is lost etc?

I know what the advantages are, just need to be aware of the negatives.

Thanks, Paul
0 Kudos
Reply
4 REPLIES 4
G. Vrijhoeven
Honored Contributor

‎11-06-2001 06:53 AM

‎11-06-2001 06:53 AM

Re: Trusted System

Hi Paul,

Just take a look at the history in the formum on this subject.

the URL:

http://europe-support2.external.hp.com/emse/bin/doc.pl/sid=cb06260500bf33dcdd?todo=search&searchtext=trusted+system&searchcriteria=allwords&searchtype=SEARCH_FORUMS&searchcategory=ALL&rn=25&presort=rank

hope this will give you some ideas

Gideon
0 Kudos
Reply
Bernie Vande Griend
Respected Contributor

‎11-06-2001 07:59 AM

‎11-06-2001 07:59 AM

Re: Trusted System

Really no performance hit that would be noticed.

Root password can still be reset from single user mode unless you set up the option to require a password in single user mode. Only trusted mode gives you that option. if you choose that option, HP says it is wise to have a backdoor for getting root password back or converting to untrusted:
http://us-support3.external.hp.com/cki/bin/doc.pl/sid=577630d41b9e076ca5/screen=ckiDisplayDocument?docId=200000048456189

As far as other negatives:
Not all applications work with Trusted mode. Some older applications are written poorly and have trouble with authentification as Trusted demands passwords of at least 6 characters.
Also, users may have to choose new passwords whenever you convert to Trusted mode or convert back.
You may find root's account disable on occasion as the default is 3 failed attempts. When that happens you need to login from the console as root to get in to clear it up again. We upped this to 5 on our systems so it doesn't happen as frequently.
The key is to test your applications running in trusted mode to make sure everything still functions properly.
Ye who thinks he has a lot to say, probably shouldn't.
0 Kudos
Reply
Roger Baptiste
Honored Contributor

‎11-06-2001 08:14 AM

‎11-06-2001 08:14 AM

Re: Trusted System

hi,

There is *NO* performance overhead with Trusted systems.

I don't see any negatives from the system-side. The improved restrictions on number of bad logins, disabling of accounts, expiry of accounts, passwords etc
are all security features and
not negatives.

The only problem i faced with trusted system was not
able to get it to work with a
NIS+ setup. This was a year
back. I am not sure whether
the problem got resolved.

Other than that, i don't
see any issues. We run trusted
setup on all the boxes without
any issues.

For applications, an account
is an account whether it is
a trusted one or not.

HTH
raj
Take it easy.
0 Kudos
Reply
Michael Tully
Honored Contributor

‎11-06-2001 02:05 PM

‎11-06-2001 02:05 PM

Re: Trusted System

Hi,

Other than what has already been mentioned, you will find that *ALL* accounts will have their passwords expired upon making your system trusted. This can be a disadvantage if your user community is not prepared for it. If they are unaware you could have a mutiny on your hands.

HTH
-Michael
Anyone for a Mutiny ?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.