Operating System - HP-UX

Will passwords all expire when 11i system converted

 
Nick D'Angelo
Super Advisor

Will passwords all expire when 11i system converted

I am planning to convert my RP2470 11i machine to a trusted configuration and I was curious if all the passwords will expire when I complete the conversion?

Thanks,

Nick
Always learning
Andy Torres
Trusted Contributor

Re: Will passwords all expire when 11i system converted

I believe you will have the option at the end of conversion.

NOTE: You may have problems with passwords over eight characters after conversion.
Rick Garland
Honored Contributor

Re: Will passwords all expire when 11i system converted

You are correct - converting to trusted will expire passwds unless you supply the option to modprpw.


Trusted system - do not expire passwds

/etc/tsconvert;/usr/lbin/modprpw -V

From the man pages for modprpw (man modprpw)

-V This option is specified WITHOUT a user name to "validate/refresh" all user's passwords. It goes through the protected password database and sets the successful change time to the current time for all users. The result is that all user's password aging restarts at the current time.

-v This option is specified with a user name to "validate/refresh" the specified user's password. It sets the successful change time to the current time.
Steven E. Protter
Exalted Contributor

Re: Will passwords all expire when 11i system converted

Shalom Nick,

I never saw any passwords expire when I converted systems to trusted.

A lot of user id's that were not updated in a while or used expired, but that is supposed to happen.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Greg Vaidman
Respected Contributor

Re: Will passwords all expire when 11i system converted

Password expiration when converting to trusted systems depends on whether or not you had password aging when you were running untrusted. That's why different users have different experiences.

Just keep the "modprpw -V" command mentioned above in your back pocket, so you can "refresh" all passwords if needed.
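The reply above ties the outcome to whether password aging was set while the system was untrusted. As an added example (not part of the thread), this sh function lists the accounts in a passwd-format file that carry aging data; it assumes the traditional passwd(4) layout, where field 2 is `hash,Mm...` with max and min weeks encoded in the alphabet `. / 0-9 A-Z a-z` for 0..63. The function names and sample accounts are constructed.

```shell
#!/bin/sh
# Report accounts whose password field carries aging data ("hash,Mm...").
# Assumed encoding (traditional passwd(4)): first character after the comma
# is max weeks, second is min weeks, alphabet ". / 0-9 A-Z a-z" maps to 0..63.
# Reads the file named in $1, or stdin when no argument is given.
aging_report() {
    awk -F: '
    BEGIN { alpha = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" }
    {
        n = index($2, ",")
        if (n == 0) next                      # no comma: no aging on this account
        age = substr($2, n + 1)
        if (length(age) < 2) {                # too short to hold both M and m
            printf "%s aging_field_too_short\n", $1
            next
        }
        max = index(alpha, substr(age, 1, 1)) - 1
        min = index(alpha, substr(age, 2, 1)) - 1
        if (max < 0 || min < 0) {             # character outside the alphabet
            printf "%s aging_field_invalid\n", $1
            next
        }
        note = ""
        if (max == 0 && min == 0)  note = " force_change_at_next_login"
        else if (min > max)        note = " only_superuser_can_change"
        printf "%s max_weeks=%d min_weeks=%d%s\n", $1, max, min, note
    }' "${1:--}"
}

# Constructed sample input: placeholder hashes, not real accounts.
sample_passwd() {
    cat <<'EOF'
root:XXXXXXXXXXXXX:0:3::/:/sbin/sh
user1:XXXXXXXXXXXXX,7.zA:101:20::/home/user1:/usr/bin/sh
user2:XXXXXXXXXXXXX,..:102:20::/home/user2:/usr/bin/sh
EOF
}

# Demo on the constructed sample; on a real system pass a copy of /etc/passwd:
#   aging_report /tmp/passwd.before_conversion
sample_passwd | aging_report
```

Accounts that appear in this report had aging set before conversion, so those are the ones to check after the conversion.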
Nick D'Angelo
Super Advisor

Re: Will passwords all expire when 11i system converted

Thank you all.

One more clarification required and please pardon me if it is repetitious as I seem to be coming down with a massive head cold.

When I convert it to a trusted system, there will be an option at the end of the conversion process where Rick mentions that I can run the
/etc/tsconvert;/usr/lbin/modprpw -V
which goes thru the passwords and resets their password expiry date using today.

Otherwise, it will simply continue to use the settings that existed in /etc/passwd to force the user to change their passwords every 60 days (the way I have it set).

Did I miss it?
Always learning
Nick D'Angelo
Super Advisor

Re: Will passwords all expire when 11i system converted

All, I did my conversion this morning and it went off pretty well with no real problems.

I wanted to thank you for your help.

If you reply to this message, I will assign closing points.

Cheers and happy holidays

Nickd
(I am a canuck so no holiday for us;-) )
Always learning
Sยภเl Kย๓คг
Respected Contributor

Re: Will passwords all expire when 11i system converted

Hi,
Nick, it is always better that you convert the system into trusted mode, but there are a few points I want you to give attention to!

1. As far as possible, try to use SAM to manage the trusted system policies, as you are new to trusted systems.
2. In General User Account Policies... of the trusted system, there is an option to enable "Require Login Upon Boot to Single-User State"; ensure that you don't keep this tab "checked". This is because, in case you lose the root password, you can very well boot the system in single user mode and change the password.
3. I would prefer that you don't include the root user in any of the security policies, and disable the auditing for the root user. Then block the direct root login and use su - or sudo su - for root access.
4. It would have been better if you had taken a backup of the /etc/passwd and /etc/group files. Hope you have done that.

Have a Nice time with the Most Secured System.
Regards,
Sunil
Your imagination is the preview of your life's coming attractions
Nick D'Angelo
Super Advisor

Re: Will passwords all expire when 11i system converted

Thanks for the tips, Sunil, I think they are good ones.

The only problem is that I did not backup the passwd and group files, but too late now.

Everything appears to be working just fine with our processes even the automated one.

Thanks

Nickd
Always learning
Bill Hassell
Honored Contributor
Solution

Re: Will passwords all expire when 11i system converted

The passwords are automatically expired as mentioned but you will never see this if you use SAM. SAM will automatically enable all the logins and password aging as part of its conversion process. The tsconvert command is a "backend" command which is why it is typically located in the /usr/lbin directory, the "use at your own risk" directory. It's also why there are no man pages for /usr/lbin commands. As long as you run tsconvert followed by modprpw, it will work OK. Timid system administrators will be better off using SAM.


Bill Hassell, sysadmin