HPE Community
Operating System - HP-UX
1834156 Members
2407 Online
110064 Solutions
New Discussion

Trusted Systems

 
SOLVED
Go to solution
Erich Donze
Occasional Advisor

‎06-09-2003 01:00 PM

‎06-09-2003 01:00 PM

Trusted Systems

I'd like to turn on shadowed passwords. I tried
/usr/sbin/pwconv
It said I needed to use sam and convert the system to a trusted system. I'd like to do this, but I'm concerned that it will do crazy things, like force me to change passwords that more than one person needs access to, or that is coded in a script somewhere. Should I trust trusted systems? Is there a way to implement just portions of the trustedness? Thanks in advance,
Erich
0 Kudos
Reply
7 REPLIES 7
Hai Nguyen_1
Honored Contributor

‎06-09-2003 01:04 PM

‎06-09-2003 01:04 PM

Re: Trusted Systems

Erich,

Using SAM to to turn your system into the trusted environment is th safest and easiest way. It will NOT force you to change passwords.

Hai
0 Kudos
Reply
Paul Sperry
Honored Contributor

‎06-09-2003 01:07 PM

‎06-09-2003 01:07 PM

Re: Trusted Systems

use SAM to convert you system to trusted. If a code or script breaks you can always use sam to go back to being untrusted. I
0 Kudos
Reply
Bill Douglass
Esteemed Contributor

‎06-09-2003 01:32 PM

‎06-09-2003 01:32 PM

Solution

Re: Trusted Systems

You didn;t mention, but if you're on 11i you can install the ShadowPassword product seperately from converting to a trusted system.

D/L the software from

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=ShadowPassword
Reply
Jeff Schussele
Honored Contributor

‎06-09-2003 01:49 PM

‎06-09-2003 01:49 PM

Re: Trusted Systems

Hi Erich,

Be careful - converting to trusted CAN alter PWs. Specifically PWs *longer* than 8 chars. What happens is ONLY the first 8 chars are converted, BUT when you enter the original PW ALL the chars are evaluated. Will work if after converting you ONLY enter the first 8 chars of the org PW.
Another thing to do when converting is to have TWO root windows open so that when you test the root login/PW - you have *another* window where you can manipulate the root PW from...just in case.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Michael Tully
Honored Contributor

‎06-09-2003 02:10 PM

‎06-09-2003 02:10 PM

Re: Trusted Systems

If you have an environment where people share passwords ... security problem ...
Your better to get these people to use seperate accounts and run the same profile/menu program where you can.
if they need command line access, then have them 'su' to these accounts. Then at least everything is logged.

As far as passwords are concerned, and the length of these, Jeff has answered this question. Do bear in mind that *all* passwords expire when converting to a trusted system.

Regards
Michael
"When I have trouble spelling, it's called fat finger syndrome"

Anyone for a Mutiny ?
0 Kudos
Reply
Keith Buck
Respected Contributor

‎06-10-2003 07:04 AM

‎06-10-2003 07:04 AM

Re: Trusted Systems

Note that using SAM or Bastille to convert to trusted system uses modprpw to NOT expire all password immediately. Using tsconvert manually expires passwords as a default side-effect.

If all you need is shadow passwords, definitely try the "Shadow Password" product mentioned above. Trusted systems also enables a lot of auditing features, which may or may not be needed in your environment.

-Keith
0 Kudos
Reply
Erich Donze
Occasional Advisor

‎06-10-2003 10:41 AM

‎06-10-2003 10:41 AM

Re: Trusted Systems

I knew I was going to get flamed about the shared accounts. I should've added a disclaimer. I should write a book: 'When Best Pracices Aren't Practical, Or Even Practicable.'
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.