HPE Community
Operating System - HP-UX
1840174 Members
3275 Online
110162 Solutions
New Discussion

trusted

 
SOLVED
Go to solution
DUMP
Occasional Contributor

‎02-28-2006 02:42 AM

‎02-28-2006 02:42 AM

trusted

hi gurus

I have converted my system to trusted using the following command

/usr/lbin/tsconvert

Then i logined in another telnet session it asked to change the passwd .

i want to un trust it i have given same command to untrust but its diplaying that

system has already been converted.

can anybody help me to un trust it.

NOTE: Also let me know what is the main purpose of trusted system conversion , and documents related to it.

Thankzzzzzzzz
0 Kudos
Reply
3 REPLIES 3
Patrick Wallek
Honored Contributor

‎02-28-2006 02:45 AM

‎02-28-2006 02:45 AM

Solution

Re: trusted

/usr/lbin/tsconvert -r

to untrust.

The main purpose of trusting the system is provide better security of passwords. When trusting a system, the passwords are moved from the /etc/passwd file to a file in the /tcb/files/auth/ directory structure.

This doc goes over lots of information, including trusted systems:

Managing Systems and Workgroups: A Guide for HP-UX System Administrators
http://docs.hp.com/en/B2355-90950/index.html
Reply
A. Clay Stephenson
Acclaimed Contributor

‎02-28-2006 02:48 AM

‎02-28-2006 02:48 AM

Re: trusted

To revert to standard passwd files, execute tsconvert -r.

A trusted system moves the password hash from the passwd file into a "shadowed" database only visible to root. This prevents
a guessing attack against passwords. This same database, also has much more granularity in user controls than does the standard passwd file which is limited to password aging only.
If it ain't broke, I can fix that.
Reply
RAC_1
Honored Contributor

‎02-28-2006 02:59 AM

‎02-28-2006 02:59 AM

Re: trusted

Also, when you convert and unconvert all passwords expire. So as soon as you convert to trusted mdoe, always do modprpw -V immediately.

or better,
/etc/tsconvert ; /usr/lbin/modprpw -V
There is no substitute to HARDWORK
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.