Trusted -vs- Not

 
Charles Fear
Advisor

Trusted -vs- Not

We are looking into adding a system into a trusted environment. What types of impact will this have on the user community and the apps associated with the system?
6 REPLIES
Charles Fear
Advisor

Re: Trusted -vs- Not

Actually, can someone tell me of a document or technical site on why or why not to convert to a trusted system?
Patrick Wallek
Honored Contributor

Re: Trusted -vs- Not

Here's an HP doc on administering a trusted system. It's from 1996 and for 10.20, but it should still be pretty applicable.

http://docs.hp.com/hpux/onlinedocs/B2355-90121/B2355-90121.html
Michael Tully
Honored Contributor

Re: Trusted -vs- Not

Hi,

We have been looking at a similar problem,
and in most cases you find that there might
be problems in particular with password aging,
password having to be at least six characters,
and dependent user accounts from dumb terminals
and warehousing type equipment where the user
will not be able to cope with it at all. Bear this
in mind before converting.

http://docs.hp.com/hpux/onlinedocs/B2355-90742/B2355-90742.html
and have a look at chapter 8

Check this link in regards to how to secure a
system.

http://people.hp.se/stevesk/bastion11.html

HTH
-Michael
Anyone for a Mutiny ?
Christopher Caldwell
Honored Contributor

Re: Trusted -vs- Not

The biggest problem I've seen is with homegrown or store bought apps that don't understand Trusted System.

Some Examples:
TACACS
some older versions of WU-FTPD
some older versions of qpopper

Trusted systems use a different set of libraries to perform password authorization. So any application you have that uses OS dependent password checking routines (getpwent for non-trusted, getprpwent for trusted) should be tested.

Further, if you are bound to homegrown or downloaded apps that potentially use the non-trusted routines but not the trusted routines, then you'll want to have someone who can coerce the code to use the trusted routine. Generally, this is a fairly trivial task for a C programmer who is familiar with HP-UX.

BTW, most current versions of apps that I've encountered (commercial and downloaded) understand trusted systems out of the box.

Wodisch
Honored Contributor

Re: Trusted -vs- Not

Hello Charles,

to me it seems more important to know your HPUX
release, as on HP-UX 11.x there are just some PAM
libs, but on 10.20 it is much more difficult for the apps.

Just my ?0.02,
Wodisch
David Lodge
Trusted Contributor

Re: Trusted -vs- Not

This is a difficult argument - it is probably best to decide what is important for your system and what isn't.

What Trusted gives you:
* Shadowed password
* Auditing capability
* Flexibility of password admin
* Greater login information

The problems:
* Badly written applications don't like trusted systems (though in my experience most applications don't 'support' trusted systems because nobody asks them for support on trusted systems.)
* Admin complexities (not just /etc/passwd)

In my case I would switch trusted on anyway.
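
Added example, not part of any post in this thread and not HP code: a pre-conversion triage script that flags binaries which appear to check passwords with the non-trusted routines (getpw* plus crypt) without referencing the trusted routines (getprpw*) or PAM, as discussed above. The function names are hypothetical, and matching routine names in a file's bytes is a heuristic that only tells you which applications to test first.

```shell
#!/bin/sh
# Added example: triage binaries before converting to a trusted system.
# Heuristic: looks for routine names inside the file, so a hit means
# "test this application", not "this application is broken".

# has FILE STRING -> exit 0 if STRING occurs anywhere in FILE (binary-safe)
has() { LC_ALL=C grep -F -q -e "$2" "$1"; }

# classify_binary FILE -> prints one of:
#   trusted-aware  references getprpw* (protected password database) or PAM
#   needs-testing  references getpw* and crypt, but neither getprpw* nor PAM
#   no-pw-check    no sign of local password checking
#   unreadable     missing, not a regular file, or not readable
classify_binary() {
    f=$1
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo unreadable
    elif has "$f" getprpw || has "$f" pam_authenticate; then
        echo trusted-aware
    elif has "$f" getpw && has "$f" crypt; then
        echo needs-testing
    else
        echo no-pw-check
    fi
}

# scan_paths DIR... -> one "status<TAB>path" line per regular file found
scan_paths() {
    for d in "$@"; do
        find "$d" -type f 2>/dev/null | while IFS= read -r f; do
            printf '%s\t%s\n' "$(classify_binary "$f")" "$f"
        done
    done
}

# Directories to scan are the administrator's choice, given as arguments.
if [ "$#" -gt 0 ]; then
    scan_paths "$@"
fi
```

Anything reported as needs-testing is a candidate for the test pass on a converted non-production host before the real conversion.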