|
|
Sponsored Content
Operating Systems
HP-UX
HP-UX revert from trusted system to default
Post 302595431 by rbatte1 on Friday 3rd of February 2012 05:46:22 AM
02-03-2012
Moderator
HP-UX revert from trusted system to default
All,
I have inherited some software that is running on HP-HX 11.11. The software ofers a GUI login and the user passwords can be either internal to the software, user defined or based on the matching unix account. The problem I have is that the server has been converted to 'trusted' years before I got hands on. The software, of course, only looks in /etc/passwd and is so old that fixes are no longer written.
The software had a total collapse on 01/01/2012 because of a design flaw.
There is the capability to set a user end date, and the logic failed similarly to the worries everyone had about year 2000. Having never dealt with it before, I soon discovered that no user accounts had a password at all and account sharing was very common. 
So, I crashed headlong into setting up something, at least. We've caught quite a few offenders already now that services are resumed
and I have an lsof based script trace written to react to each login attempt.
Unfortunately the internal password controls allow a single character password (including space) and no history is kept.
We do set more sensible rules for OS telnet users, but I cannot tie the software in without converting back from TCB.
Finally, my questions:-
I've trawled the archives, but nothing leaps out. Perhaps it is an odd requirement, but any guidance would be appreciated.
Many thanks, in advance,
Robin
Liverpool/Blackburn
UK
I have inherited some software that is running on HP-HX 11.11. The software ofers a GUI login and the user passwords can be either internal to the software, user defined or based on the matching unix account. The problem I have is that the server has been converted to 'trusted' years before I got hands on. The software, of course, only looks in /etc/passwd and is so old that fixes are no longer written.
The software had a total collapse on 01/01/2012 because of a design flaw.
There is the capability to set a user end date, and the logic failed similarly to the worries everyone had about year 2000. Having never dealt with it before, I soon discovered that no user accounts had a password at all and account sharing was very common. So, I crashed headlong into setting up something, at least. We've caught quite a few offenders already now that services are resumed and I have an lsof based script trace written to react to each login attempt.Unfortunately the internal password controls allow a single character password (including space) and no history is kept.
We do set more sensible rules for OS telnet users, but I cannot tie the software in without converting back from TCB.Finally, my questions:-
- How? Is it just a sam action?
- What do I lose?
- What do I risk?
I've trawled the archives, but nothing leaps out. Perhaps it is an odd requirement, but any guidance would be appreciated.
Many thanks, in advance,
Robin
Liverpool/Blackburn
UK
|
|
10 More Discussions You Might Find Interesting
1. HP-UX
I was playing with sam and i turned on the Trusted System feature (UX11i).
Now i cant log onto it anymore, i can ping it, but icant telnet, rlogin or login at the login screen.
I dont want to reboot my machine because i am affraid it wont boot and ask for a password. My root password is not... (1 Reply)
Discussion started by: Netghost
1 Replies
2. Solaris
hi i have created a pool using zpool command for my /dev/dsk/c1d0s3 disk.
The poolname is qwertyuiopasdfghjklmnbvcxzzxcvbnmasdfghjklqwertyuiopoiuytrewqasdfghjklkjhgfdsazxcvbnmmnbnbcxczxzassd
ddddvfhfghgjjgjhgkhkljfjlhohihiuyuioyguioyguiowyuiogwyuigwrigywuigyguiyuiogyugiyguioyuyguiowygiuygui... (1 Reply)
Discussion started by: SankarV
1 Replies
3. HP-UX
Is it possible to have shadowed password file without implementing a Trusted System? (3 Replies)
Discussion started by: linuxdude
3 Replies
4. Emergency UNIX and Linux Support
Instead of importing a project/folder as
svn import vlsms/ file:///home/repo/vlsms -m "Initial Upload"
I did
svn import vlsms/ file:///home/repo -m "Initial Upload"
How to undo this import (in a clean way,without trace?)
---------- Post updated at 03:10 AM ---------- Previous update was at... (0 Replies)
Discussion started by: johnbach
0 Replies
5. HP-UX
I have a new box that was set up for me and I want to allow telnet to the box as root. I know that it's not secure but due to the nature of what I test I need an easy and reliable way back in if I've messed up the other connection methods(SSH). This is in a protected lab environment. Eventually... (17 Replies)
Discussion started by: gctaylor
17 Replies
6. Linux
Long story short, there was some sort of corruption with my ide and the script I was working on has been over written with nothing (the file is blank now). The IDE doesn't store a back up from what I know (I'm using notepadd++ in wine lol I know I know I'm addictted to the nppftp sidebar and geany... (1 Reply)
Discussion started by: noPermissions
1 Replies
7. UNIX for Advanced & Expert Users
I thought I would share gmail revert to old look permanently. I am sure I am not the only one annoyed by the new look.
Install Stylish extension
Choose the Stylish UserStyle that you want.
I know The Return of Old Gmail and gmail-b2b both work but I prefer gmail-b2b since I think it looks... (0 Replies)
Discussion started by: cokedude
0 Replies
8. UNIX for Advanced & Expert Users
Hi,
I have deleted a file and commited in CVS.
So, is there any CVS command to revert back that deleted file with existing log messages.
--Thanks in advance
Madhu (1 Reply)
Discussion started by: madhuti
1 Replies
9. UNIX for Dummies Questions & Answers
I have given as:
PS1="Karthick>" in linux.
Now the prompt changed as:
Karthick>
Now I need to get back the default prompt .
How to achieve this?
Thanks in advance (13 Replies)
Discussion started by: karthick nath
13 Replies
10. UNIX for Advanced & Expert Users
Hi,
I need to convert few HP-UX (V 11.31) machines from un-trusted to trusted.
I used the HP SMH to do this on one server. However when I click on "Yes" to proceed with the conversion, I get this error :
The attempt to convert this system to a trusted system failed.
The command return value... (2 Replies)
Discussion started by: anaigini45
2 Replies
LEARN ABOUT DEBIAN
globus-update-certificate-dir
GLOBUS-UPDATE-CERT(8) GSI-C OpenSSL Commands GLOBUS-UPDATE-CERT(8) NAME
globus-update-certificate-dir - Update symlinks in the trusted CA directory SYNOPSIS
globus-update-certificate-dir [-help] [-d DIRECTORY] DESCRIPTION
The globus-update-certificate-dir program creates symlinks between files (CA certificates, certificate revocation lists, signing policy, and certificate request configuration files) using the certificate hash the installed version of OpenSSL uses. OpenSSL 1.0.0 uses a different name hashing algorithm than previous versions, so CA distributions created with older versions of OpenSSL might not be able to locate trusted CAs and related files. Running globus-update-certificate-dir against a trusted CA directory will add symlinks to the files to the hash if needed. The full set of command-line options to globus-update-certificate-dir consists of: -help Display a help message to standard output and exit -d DIRECTORY Create links in the trusted CA directory DIRECTORY instead of using the default search path. ENVIRONMENT
If the following variables affect the execution of globus-update-certificate-dir X509_CERT_DIR Default trusted certificate directory. HOME Path to the current user's home directory. GLOBUS_LOCATION Path to the Globus installation. University of Chicago 02/18/2010 GLOBUS-UPDATE-CERT(8)