HPE Community
Operating System - HP-UX
1754850 Members
5669 Online
108827 Solutions
New Discussion юеВ

Re: Trusted versus Non-Trusted

 
Wayne Widener
New Member

тАО07-31-2007 03:03 AM

тАО07-31-2007 03:03 AM

Trusted versus Non-Trusted

Does the directory / file names differ where the OS stores user account info for a trusted system versus non trusted? Things like min password length and other parameters?
0 Kudos
Reply
5 REPLIES 5
Pete Randall
Outstanding Contributor

тАО07-31-2007 03:05 AM

тАО07-31-2007 03:05 AM

Re: Trusted versus Non-Trusted

On a trusted system the user account info is stored in the /tcb directory structure rather than in /etc/passwd.

I'm not sure what you're asking about min password length - where it's stored? In /tcb.


Pete

Pete
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО07-31-2007 03:15 AM

тАО07-31-2007 03:15 AM

Re: Trusted versus Non-Trusted

There is no simple answer to your question because some of the are stored in the passwd file on standard systems and in the tcb database on trusted systems. For example, the passwd aging fields are stored as 4 comma-separated base-64 characters that occur after the 13-character password hash in /etc/passwd on standard systems but in trusted systems these are stored in the tcb database.

Other values (e.g. minimum password length) are stored in /etc/default/security independent of the security model.

For trusted systems, there are two-levels of parameters. Each user might have a value defined in his /tcb/files/auth/first_char_of_login/login entry. If so, that is the value that is used. If there is no value defined, then the system wide value found in /tcb/files/auth/system/default take effect.

Man prpwd, passwd, security for details.
If it ain't broke, I can fix that.
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО07-31-2007 03:19 AM

тАО07-31-2007 03:19 AM

Re: Trusted versus Non-Trusted

I should also add that there are a number of parameters available for trusted systems that are not available otherwise so for those parameters your question is a non sequitur.

Other differences are that because of how the data are encoded, password aging parameters have a minimum resolution of 1 week in a standard system but 1 second in a trusted system.
If it ain't broke, I can fix that.
0 Kudos
Reply
Wayne Widener
New Member

тАО08-17-2007 07:22 AM

тАО08-17-2007 07:22 AM

Re: Trusted versus Non-Trusted

Much thanks for the responses. I appreciate it greatly.
0 Kudos
Reply
whiteknight
Honored Contributor

тАО08-17-2007 05:02 PM

тАО08-17-2007 05:02 PM

Re: Trusted versus Non-Trusted


Hi Wayne,

You can refer to Trusted System Section
"Managing Trusted Passwords and System Access" for detail info

http://docs.hp.com/en/B2355-90950/ch08s10.html


WK

p/s: Please assign points.
Problem never ends, you must know how to fix it
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.