
Re: trusted

himacs
Super Advisor

trusted

Hi admins,

Please tell me the advantages of trusted servers.

Does a shadow file exist in trusted?


regards
himacs
James R. Ferguson
Acclaimed Contributor

Re: trusted

Hi:

First, trusted systems are deprecated with 11.31 and will disappear in a release thereafter.

Trusted systems are different than the 'shadow' password implementation and no '/etc/shadow' file exists on a trusted system. Instead there is a '/tcb' directory.

You can learn more here:

http://docs.hp.com/en/5992-6416/5992-6416.pdf

Regards!

...JRF...
Hakki Aydin Ucar
Honored Contributor
Solution

Re: trusted

In addition:

HP-UX Trusted Systems come standard with HP-UX. It is installed by default (the product is called SecurityMon), although the functionality is not enabled by default. We can convert to a Trusted System and revert back if we wish. It is fully integrated into SAM, and SAM is the preferred method of managing Trusted Systems because the file structure is a little tricky to begin with and if you get it wrong, it can potentially render the system unusable.

Its advantages:
-A free, bundled product with HP-UX.
-Stores passwords in a protected password database.
-Provides a flexible password aging mechanism.
-Provides a greater control over users' password choices.
-Time- and location-based access controls.
-Single-user mode authentication.
-Automatically disables accounts and terminals after repeated failed logins.
-Flexible auditing whereby individual users can be audited down to the system call level.

And besides, Password Aging manipulation.
R.K. #
Honored Contributor

Re: trusted

Hi Himacs..

With NON-TRUSTED systems, all encrypted passwords are stored in the /etc/passwd file.

With a TRUSTED system, all encrypted passwords are stored in files in the /tcb/files/auth directory structure.

Additional features in TRUSTED SYSTEMS:
-auditing
-password setup policies
-a more stringent password and authentication system
-terminal access control
-time-based access control

See the threads below that describe differences in detail:
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=638058
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1157625


Regds..
Don't fix what ain't broke
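
Added example, not part of any reply in this thread: a POSIX shell check that reports which of the three password stores named above (/tcb/files/auth, /etc/shadow, or /etc/passwd itself) a host uses, and counts accounts whose hash is still sitting in /etc/passwd. The function names and the root-prefix argument are hypothetical, and treating `*`, `!` and `x` in the password field as placeholders is an assumption.

```shell
#!/bin/sh
# Added example: classify where a host keeps its password hashes.
# $1 is a hypothetical root prefix (mounted image or test tree); "" = live system.

# Print "trusted", "shadow" or "passwd" for the tree under $1.
pw_store_mode() {
    root=${1%/}
    if [ -d "$root/tcb/files/auth" ]; then
        echo trusted          # protected password database under /tcb
    elif [ -f "$root/etc/shadow" ]; then
        echo shadow           # separate shadow password implementation
    else
        echo passwd           # hashes live in /etc/passwd itself
    fi
}

# Count accounts whose /etc/passwd password field still holds a hash.
# Assumption: empty, "x", and fields starting with "*" or "!" are placeholders.
exposed_hashes() {
    root=${1%/}
    awk -F: '$2 != "" && $2 != "x" && $2 !~ /^[*!]/ { n++ } END { print n+0 }' \
        "$root/etc/passwd"
}

# Constructed sample trees (made-up accounts and hash, not real data).
make_samples() {
    d=${TMPDIR:-/tmp}/pwstore.$$
    mkdir -p "$d/plain/etc" "$d/tcb/etc" "$d/tcb/tcb/files/auth/r"
    printf '%s\n' 'root:AbCdEfGhIjKlM:0:3::/:/sbin/sh' \
                  'daemon:*:1:5::/:/sbin/sh' > "$d/plain/etc/passwd"
    printf '%s\n' 'root:*:0:3::/:/sbin/sh' > "$d/tcb/etc/passwd"
    echo "$d"
}

report() {
    echo "$1: mode=$(pw_store_mode "$1") exposed=$(exposed_hashes "$1")"
}

samples=$(make_samples)
report "$samples/plain"
report "$samples/tcb"
rm -rf "$samples"
```
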
Michael Steele_2
Honored Contributor

Re: trusted

Hi

Well, the 2nd and 3rd responses are advertisements. Although popular 5 to 10 years ago, trusted systems have a high administration overhead that most scaled-down data centers can no longer afford. It is still good in S1 government security levels, and was once the best alternative for S1 govt. security, but others have caught up and are as good or better, and require less labor (* especially when you lose the root password or lock the root account, which everyone bitches about *). SE Linux, offered by Red Hat, is probably more popular now with the govt. than HP's trusted systems. And other add-ons offered by HP, like sudo and ssh, provide as good security over users.
Support Fatherhood - Stop Family Law
Hakki Aydin Ucar
Honored Contributor

Re: trusted

>Well, the 2nd and 3rd responses are advertisements.

It depends on what the asker needs exactly.

>SE Linux offered by Red Hat, is probably more popular now with the govt. than HP's trusted systems

Good knowledge to share, thanks, but it sounds a little bit off topic.
As I said:

It depends.

Regards