Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: HP-UX revert from trusted system to default
Operating Systems HP-UX HP-UX revert from trusted system to default Post 302596010 by methyl on Monday 6th of February 2012 08:35:30 AM
Old 02-06-2012
Quote:
I'm still not sure what being 'trusted' gives me. It just was already 'trusted' when I got given the opportunity to take it on (i.e. dumped with it) Does untrusted just mean that the passwords are stored (encrypted) in /etc/passwd field 2 so there is a risk that someone might peek and then decipher them? Will I lose the complexity/history rules for passwords or something else perhaps? I will be delighted if it doesn't re-prompt for the old password when I've just typed it in, and as for that generating a next password malarky, no thanks. All users, be they IT or not, hate it too.
To read about "untrused", just see "man passwd". You will lose complexity and history rules. The "root" user will not need to know an old password. Passwords will be stored encrypted in /etc/passwd, but there is no direct unencryption method beyond brute force by a "root" user.

Keep some sessions logged in as "root" if you make this change. I recall that all existing user passwords were lost during the change from "trusted" to "untrusted" and that every user needed a password reset. Don't know if this has been fixed. HP Openview stopped working and need a re-install.

The "sudo" command is not a HP-UX command. It is 3rd-party software which administrators elect to use in order to bypass "trusted" security. No guarantee that it would continue to work unchanged.

I can't see how changing from "trusted" to "untrusted" will fix your application problem.

As others advise, make a full Disaster Recovery backup before considering this change.
 

10 More Discussions You Might Find Interesting

1. HP-UX

Trusted system: Please Help.

I was playing with sam and i turned on the Trusted System feature (UX11i). Now i cant log onto it anymore, i can ping it, but icant telnet, rlogin or login at the login screen. I dont want to reboot my machine because i am affraid it wont boot and ask for a password. My root password is not... (1 Reply)
Discussion started by: Netghost
1 Replies

2. Solaris

need zpool to revert...

hi i have created a pool using zpool command for my /dev/dsk/c1d0s3 disk. The poolname is qwertyuiopasdfghjklmnbvcxzzxcvbnmasdfghjklqwertyuiopoiuytrewqasdfghjklkjhgfdsazxcvbnmmnbnbcxczxzassd ddddvfhfghgjjgjhgkhkljfjlhohihiuyuioyguioyguiowyuiogwyuigwrigywuigyguiyuiogyugiyguioyuyguiowygiuygui... (1 Reply)
Discussion started by: SankarV
1 Replies

3. HP-UX

shadowed password file on non-trusted system?

Is it possible to have shadowed password file without implementing a Trusted System? (3 Replies)
Discussion started by: linuxdude
3 Replies

4. Emergency UNIX and Linux Support

Revert SVN import

Instead of importing a project/folder as svn import vlsms/ file:///home/repo/vlsms -m "Initial Upload" I did svn import vlsms/ file:///home/repo -m "Initial Upload" How to undo this import (in a clean way,without trace?) ---------- Post updated at 03:10 AM ---------- Previous update was at... (0 Replies)
Discussion started by: johnbach
0 Replies

5. HP-UX

Enable telnet as root to 11.31 non-trusted system?

I have a new box that was set up for me and I want to allow telnet to the box as root. I know that it's not secure but due to the nature of what I test I need an easy and reliable way back in if I've messed up the other connection methods(SSH). This is in a protected lab environment. Eventually... (17 Replies)
Discussion started by: gctaylor
17 Replies

6. Linux

Is it possible to revert a file after overwriting it ?

Long story short, there was some sort of corruption with my ide and the script I was working on has been over written with nothing (the file is blank now). The IDE doesn't store a back up from what I know (I'm using notepadd++ in wine lol I know I know I'm addictted to the nppftp sidebar and geany... (1 Reply)
Discussion started by: noPermissions
1 Replies

7. UNIX for Advanced & Expert Users

gmail revert to old look permanently

I thought I would share gmail revert to old look permanently. I am sure I am not the only one annoyed by the new look. Install Stylish extension Choose the Stylish UserStyle that you want. I know The Return of Old Gmail and gmail-b2b both work but I prefer gmail-b2b since I think it looks... (0 Replies)
Discussion started by: cokedude
0 Replies

8. UNIX for Advanced & Expert Users

CVS command to revert deleted files

Hi, I have deleted a file and commited in CVS. So, is there any CVS command to revert back that deleted file with existing log messages. --Thanks in advance Madhu (1 Reply)
Discussion started by: madhuti
1 Replies

9. UNIX for Dummies Questions & Answers

Need to revert default prompt in Linux after setting PS1 command

I have given as: PS1="Karthick>" in linux. Now the prompt changed as: Karthick> Now I need to get back the default prompt . How to achieve this? Thanks in advance (13 Replies)
Discussion started by: karthick nath
13 Replies

10. UNIX for Advanced & Expert Users

Converting system to trusted

Hi, I need to convert few HP-UX (V 11.31) machines from un-trusted to trusted. I used the HP SMH to do this on one server. However when I click on "Yes" to proceed with the conversion, I get this error : The attempt to convert this system to a trusted system failed. The command return value... (2 Replies)
Discussion started by: anaigini45
2 Replies

LEARN ABOUT V7

d_passwd

d_passwd(4)							   File Formats 						       d_passwd(4)

NAME

       d_passwd - dial-up password file

SYNOPSIS

       /etc/d_passwd

DESCRIPTION

       A  dial-up  password is an additional password required of users who access the computer through a modem or dial-up port. The correct pass-
       word must be entered before the user is granted access to the computer.

       d_passwd is an ASCII file which contains a list of executable programs (typically shells) that require a dial-up password and  the  associ-
       ated encrypted passwords. When a user attempts to log in on any of the ports listed in the dialups file (see dialups(4)), the login program
       looks at the user's login entry stored in the passwd file (see passwd(4)), and compares the login shell field to the entries  in  d_passwd.
       These entries determine whether the user will be required to supply a dial-up password.

       Each entry in d_passwd is a single line of the form:

       login-shell:password:

       where

       login-shell     The name of the login program that will require an additional dial-up password.

       password        An  encrypted  password. Users accessing the computer through a dial-up port or modem using login-shell will be required to
		       enter this password before gaining access to the computer.

       d_passwd should be owned by the root user and the root group. The file should have read and write permissions for the owner (root) only.

       If the user's login program in the passwd file is not found in d_passwd or if the login shell field in passwd is empty, the user must  sup-
       ply  the  default  password.  The default password is the entry for /usr/bin/sh. If d_passwd has no entry for /usr/bin/sh, then those users
       whose login shell field in passwd is empty or does not match any entry in d_passwd will not be prompted for a dial-up password.

       Dial-up logins are disabled if d_passwd has only the following entry:

       /usr/bin/sh:*:

EXAMPLES

       Example 1: Sample d_passwd file.

       Here is a sample d_passwd file:

       /usr/lib/uucp/uucico:q.mJzTnu8icF0:
       /usr/bin/csh:6k/7KCFRPNVXg:
       /usr/bin/ksh:9df/FDf.4jkRt:
       /usr/bin/sh:41FuGVzGcDJlw:

   Generating An Encrypted Password
       The passwd (see passwd(1)) utility can be used to generate the encrypted password for each login program. passwd generates encrypted  pass-
       words  for  users  and places the password in the shadow (see shadow(4)) file. Passwords for the d_passwd file will need to be generated by
       first adding a temporary user id using useradd (see useradd(1M)), and then using passwd(1) to generate the desired password in  the  shadow
       file. Once the encrypted version of the password has been created, it can be copied to the d_passwd file.

       For example:

       1.
	   Type useradd tempuser and press Return. This creates a user named tempuser.

       2.  Type passwd tempuser and press Return. This creates an encrypted password for tempuser and places it in the shadow file.

       3.  Find the entry for tempuser in the shadow file and copy the encrypted password to the desired entry in the d_passwd file.

       4.  Type userdel tempuser and press Return to delete tempuser.

       These steps must be executed as the root user.

FILES

       /etc/d_passwd	       dial-up password file

       /etc/dialups	       list of dial-up ports requiring dial-up passwords

       /etc/passwd	       password file

       /etc/shadow	       shadow password file

SEE ALSO

       passwd(1), useradd(1M), dialups(4), passwd(4), shadow(4)

WARNINGS

       When  creating  a  new  dial-up password, be sure to remain logged in on at least one terminal while testing the new password. This ensures
       that there is an available terminal from which you can correct any mistakes that were made when the new password was added.

SunOS 5.10							    2 Sep 2004							       d_passwd(4)
All times are GMT -4. The time now is 07:34 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy