Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Converting system to trusted
Top Forums UNIX for Advanced & Expert Users Converting system to trusted Post 303013912 by anaigini45 on Thursday 1st of March 2018 10:13:21 PM
Old 03-01-2018
Converting system to trusted
Hi,

I need to convert few HP-UX (V 11.31) machines from un-trusted to trusted.
I used the HP SMH to do this on one server. However when I click on "Yes" to proceed with the conversion, I get this error :

HTML Code:
The attempt to convert this system to a trusted system failed.
The command return value was "-1" and the standard error output was: 
The system cannot be converted while shadow passwords are in use.
I googled some solutions, and they suggested using “pwunconv” command to convert the passwords from shadow to non-shadow.
But this could lead to removing the whole PHI (Password Has Infrastructure) software, and user passwords or even user accounts would be eventually deleted.

Please suggest the best way to convert to trusted system, and if the option above is used, is there a way to restore the PHI software?

Thanks,
Aigini
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

PAM Vs Trusted mode in HP-UX

Hi All, Some questions on PAM (Pluggable Authentication Modulues) and Trusted mode in HP-UX. As default, when I turn on trusted mode (need shadow password only), the PAM is atomatically installed(not sure the word "installed" is appropriate or not). Can we turn on the trusted mode only,... (0 Replies)
Discussion started by: wilsonchan1000
0 Replies

2. Cybersecurity

Trusted Computing

About a year ago, a friend of mine who worked on the OReilly Snort book took a propsal he and I had worked on for a book on Trusted Computing. Though the editor thought the content was good and worthwhile, he felt that there wasn't enough of a market to justify printing such a work. How many... (0 Replies)
Discussion started by: kduffin
0 Replies

3. HP-UX

Trusted system: Please Help.

I was playing with sam and i turned on the Trusted System feature (UX11i). Now i cant log onto it anymore, i can ping it, but icant telnet, rlogin or login at the login screen. I dont want to reboot my machine because i am affraid it wont boot and ask for a password. My root password is not... (1 Reply)
Discussion started by: Netghost
1 Replies

4. UNIX for Dummies Questions & Answers

Converting a Windows system to a UNIX system

Hello I am looking for advise on how to convert a windows based computer system into a UNIX based operating system.. I would like to be able to learn UNIX better than I know it and work didn't allow me to work with UNIX much. Is there a book where I could learn how to accomplish that... (6 Replies)
Discussion started by: baksg1995
6 Replies

5. HP-UX

shadowed password file on non-trusted system?

Is it possible to have shadowed password file without implementing a Trusted System? (3 Replies)
Discussion started by: linuxdude
3 Replies

6. Solaris

Solaris Trusted Extension ?

How to check if a system has Solaris trusted extensions installed or not on a solaris 10 system ? (5 Replies)
Discussion started by: fugitive
5 Replies

7. What is on Your Mind?

Converting an old windows vista system to Unix

I have an old Dell system that I would like to convert over to a Unix system and I have no idea how to do this. Where can I go to get the information to do this. This will be a secondary computer that I will learn and "play" with. I have heard that it is fairly easy to do and that once I get used... (0 Replies)
Discussion started by: Richard.Borden2
0 Replies

8. HP-UX

Enable telnet as root to 11.31 non-trusted system?

I have a new box that was set up for me and I want to allow telnet to the box as root. I know that it's not secure but due to the nature of what I test I need an easy and reliable way back in if I've messed up the other connection methods(SSH). This is in a protected lab environment. Eventually... (17 Replies)
Discussion started by: gctaylor
17 Replies

9. HP-UX

HP-UX revert from trusted system to default

All, I have inherited some software that is running on HP-HX 11.11. The software ofers a GUI login and the user passwords can be either internal to the software, user defined or based on the matching unix account. The problem I have is that the server has been converted to 'trusted' years... (7 Replies)
Discussion started by: rbatte1
7 Replies

LEARN ABOUT SUSE

stap-authorize-signing-cert

STAP-AUTHORIZE-SIGNING-CERT(8)				      System Manager's Manual				    STAP-AUTHORIZE-SIGNING-CERT(8)

NAME

       stap-authorize-signing-cert - systemtap signing authorization utility

SYNOPSIS

       stap-authorize-signing-cert CERTFILE [ DIRNAME ]

DESCRIPTION

       The  staprun program will load modules for members of the group stapusr if they are signed by a trusted signer. A trusted signer is usually
       a systemtap compile server which signs modules when the client (stap-client) specifies the --unprivileged option.

       The trustworthiness of a given signer can not be determined automatically without a trusted certificate authority issuing systemtap signing
       certificates.  This is not practical in everyday use and so, staprun must authenticate servers against its own database of trusted signers.
       In this context, establishing a given signer as trusted means adding that signer's certificate to staprun's database of trusted signers.

       The stap-authorize-signing-cert program adds the given signing certificate to the given certificate database, making that signer a  trusted
       server for staprun when using that database.

ARGUMENTS

       The stap-authorize-signing-cert program accepts two arguments:

       CERTFILE
	      This  is the name of the file containing the certificate of the new trusted signer.  For systemtap compile servers, this is the file
	      named stap.cert which can be found in the server's certificate database.	On the server host, for servers started by the stap-server
	      service,	this  database can be found in /var/lib/stap-server/.systemtap/ssl/server/.  For servers run by other non-root users, this
	      database can be found in $HOME/.systemtap/ssl/server/.  For root users (EUID=0), it can be found in /etc/systemtap/ssl/server.

       DIRNAME
	      This optional argument is the name of the directory containing the certificate database to which the certificate is to be added.	If
	      not  specified,  the default is /etc/systemtap/staprun/.	That is, the default result is that all users on the local host will trust
	      this signer. Note that this default directory is only writable by root.

SAFETY AND SECURITY

       Systemtap is an administrative tool.  It exposes kernel internal data structures and potentially private user information.  See the stap(1)
       manual page for additional information on safety and security.

       Systemtap  uses	Network  Security  Services (NSS) for module signing and verification. The NSS tool certutil is used for the generation of
       certificates. The related certificate databases must be protected in order to maintain the security of the system.  Use	of  the  utilities
       provided  will  help to ensure that the proper protection is maintained. staprun will check for proper access permissions before making use
       of any certificate database.

FILES

       /etc/systemtap/staprun/
	      staprun's trusted signer certificate database.

       /var/lib/stap-server/.systemtap/ssl/server/stap.cert
	      Signing certificate for servers started by the stap-server service.

SEE ALSO

       stap(1), staprun(8), stap-server(8), stap-client(8), NSS, certutil

BUGS

       Use the Bugzilla link of the project web page or our mailing list.  http://sources.redhat.com/systemtap/, <systemtap@sources.redhat.com>.

Red Hat 							    2010-07-05					    STAP-AUTHORIZE-SIGNING-CERT(8)
All times are GMT -4. The time now is 05:37 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy