HPE Community
Operating System - HP-UX
1835062 Members
2157 Online
110073 Solutions
New Discussion

Trusted Systems

 
SOLVED
Go to solution
ralph barber
Advisor

‎03-13-2003 03:34 AM

‎03-13-2003 03:34 AM

Trusted Systems

We have recently started converting our HPUX 11.00 systems
to Trusted Systems however on converting the first two systems we found that about 20% of our users when they first logged in were prompted for their old password however when they entered it they were told there was no record of their old password and the connection was terminated. Does anyone know what causes this and how it can be avoided in future conversions.
0 Kudos
Reply
10 REPLIES 10
RAC_1
Honored Contributor

‎03-13-2003 03:39 AM

‎03-13-2003 03:39 AM

Re: Trusted Systems

when you convert to trusted mode, all passwords get expired. so user will be prompted to entre for new password. To avoid this execute
/usr/lbin/modprpw -V after converting to trusted mode.
There is no substitute to HARDWORK
0 Kudos
Reply
ralph barber
Advisor

‎03-13-2003 03:45 AM

‎03-13-2003 03:45 AM

Re: Trusted Systems

Thanks Anil that's handy to know - still curious to know why so many users did not have their old passwords recognised.
0 Kudos
Reply
Michael Steele_2
Honored Contributor

‎03-13-2003 03:54 AM

‎03-13-2003 03:54 AM

Re: Trusted Systems

Here are some more basic trusted system commands:

authck -p (* verifies the integrity of the protected trusted password file in /tcb *)

getprpw (* alock = yes then disabled account *)

modprpw -a alock = NO (* to unlock disabled account *)
Support Fatherhood - Stop Family Law
0 Kudos
Reply
RAC_1
Honored Contributor

‎03-13-2003 04:05 AM

‎03-13-2003 04:05 AM

Re: Trusted Systems

run pwck and grpck befre converting. Also authck after conversion.
There is no substitute to HARDWORK
0 Kudos
Reply
ralph barber
Advisor

‎03-13-2003 09:13 AM

‎03-13-2003 09:13 AM

Re: Trusted Systems

We did run pwck and grpck before conversions
nothing untoward found
0 Kudos
Reply
Darren Prior
Honored Contributor

‎03-13-2003 09:28 AM

‎03-13-2003 09:28 AM

Solution

Re: Trusted Systems

Hi Ralph,

There can be issues with password greater than 8 characters when the system is converted. This may account for your 20% of users having the problem.

regards,

Darren.
Calm down. It's only ones and zeros...
Reply
ralph barber
Advisor

‎03-13-2003 09:33 AM

‎03-13-2003 09:33 AM

Re: Trusted Systems

Thanks that would make sense as I know quite a few of our users were using passwords longer than 8 characters
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎03-13-2003 09:37 AM

‎03-13-2003 09:37 AM

Re: Trusted Systems

If you haven't been using password aging or your password aging is greater than 60 days, when you go trusted, the default password age is 60 days.

Any user with a password over 60 days old gets expired.

Hence the problem.

As far as there being no record of the old password, that should not happen.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Darren Prior
Honored Contributor

‎03-13-2003 09:39 AM

‎03-13-2003 09:39 AM

Re: Trusted Systems

Re: passwords over 8 chars.

I believe if they had entered just the first 8 chars of their long password they'd be able to change their password.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
ralph barber
Advisor

‎03-13-2003 09:43 AM

‎03-13-2003 09:43 AM

Re: Trusted Systems

Stephen
We did have password aging set to 28 days so that wasn't the issue in our case
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.