As far as "policy" goes, that would only be the so-called default: stanzas in several files in /etc/security.
There are other "policy" related files, also in /etc/security - most of these end in .cfg (e.g., login.cfg).
If you are trying to duplicate users on both servers my preference would be to use LDAP and/or Kerberos (on AIX). Also because I expect you will need to keep the user administration synchronized in both systems.
It seems that copying all these files doesn't make everything work. Some things work, but some don't, such as the login timeout, as bakunin said: I have to set the TMOUT variable in /etc/profile (AIX 5.3) manually, or the ssh authentication, which also has to be reconfigured again ...
I can only fix what I see. I'm not the person who configured the old servers, so I don't know exactly whether everything is OK or not. Maybe next time I'll use "clone rootvg"; it would cost a lot of time (because of the number of servers), but it could ensure that everything's OK.
I can only fix what I see. I'm not the person who configured the old servers, so I don't know exactly whether everything is OK or not.
Exactly this is the main problem: you never can be sure if you have found the last problem.
Quote:
Originally Posted by bobochacha29
Maybe next time I'll use "clone rootvg", it would cost a lot of time ( because of the number of servers ), but it could ensure that everything's OK.
This - take an mksysb and restore it - will make sure absolutely everything: users, print queues, groups, cron entries and whatever you can think of is copied. If you have several of these servers you should take an mksysb for system backups regularly anyway. You can boot new hardware from this image and (re-)install the completely configured system from that, which will perhaps take less time than to install an unconfigured system and then put some (probably incomplete) configuration onto that.
Personally, I have not worked enough with AIX Runtime Expert to give a quick example - but this is one of the things it was intended for - even if it is only to see what the differences are.
Further, as you talk about "old" and "new", in particular not knowing what the old policies were, or why, I would be nervous about copying old, unknown policies because I have no way of knowing whether they are sufficient to meet the demands of today's (security) requirements. Also, as you are probably moving to new hardware - are the performance settings correct for the new environment?
While I can understand that you want to transfer users - and if it concerns many users - taking some time to learn about the tools available on AIX at no additional charge (a few that come to mind are: aixpert (i.e. AIX Security Expert) for hardening, AIX Runtime Expert for applying system profiles, RBAC, Trusted Execution, etc.).
imho - you are doing yourself and/or your business/employer a disservice by not looking into what AIX offers.
I wish you many happy days as a (new) AIX admin!
Personally, I have not worked enough with AIX Runtime Expert to give a quick example
Maybe I can help
The directory /etc/security/artex/samples holds a set of XML files with possible system settings which can be managed by artex.
The following command/example saves the settings of login.cfg on the current server.
To restore these settings (copy the newly created file to another server and) run the following command:
There is also an all.xml profile which contains all artex managed settings. This profile can be used to copy over the whole system settings inclusive of all known users and groups.
We use Artex to compare the current system settings against initial saved settings.
This helps if something no longer works as expected and allegedly no one has touched your system.
In this case '0' is the old and '1' the new value for nfs_use_reserved_ports.
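The same old-versus-new comparison, applied directly to the stanza files in /etc/security named at the start of the thread. This is an added example, not code from any poster; the function names and the sample file contents are constructed for illustration, and the stanza format is assumed to be "name:" headers with indented "attr = value" lines.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed stanza format: "name:" header,
# indented "attr = value" lines, comment lines starting with "*".

# Print one "stanza.attr=value" line per attribute.
flatten_stanzas() {
    awk '
        /^[ \t]*\*/ || /^[ \t]*$/ { next }           # comment or blank line
        /^[^ \t=]+:[ \t]*$/ { sub(/:[ \t]*$/, ""); stanza = $0; next }
        {
            eq = index($0, "=")
            if (eq == 0 || stanza == "") next          # not an attribute
            attr = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", attr)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print stanza "." attr "=" val
        }' "$1"
}

# Print "stanza.attr: OLD -> NEW" for every attribute that differs;
# "(unset)" marks an attribute present on one side only.
diff_stanzas() {
    { flatten_stanzas "$1" | sed 's/^/O /'
      flatten_stanzas "$2" | sed 's/^/N /'; } | awk '
        {
            rest = substr($0, 3); eq = index(rest, "=")
            key = substr(rest, 1, eq - 1); val = substr(rest, eq + 1)
            if (substr($0, 1, 1) == "O") old[key] = val; else cur[key] = val
        }
        END {
            for (k in old) {
                if (!(k in cur)) { print k ": " old[k] " -> (unset)" }
                else if (old[k] != cur[k]) { print k ": " old[k] " -> " cur[k] }
            }
            for (k in cur) { if (!(k in old)) print k ": (unset) -> " cur[k] }
        }' | LC_ALL=C sort
}

# Constructed sample data standing in for /etc/security/user from each server.
demo_dir=${TMPDIR:-/tmp}/stanza_demo.$$
mkdir -p "$demo_dir"
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '* old server' 'default:' '    maxage = 13' '    minlen = 8' \
    '    loginretries = 5' '' 'root:' '    rlogin = false' > "$demo_dir/user.old"
printf '%s\n' '* new server' 'default:' '    maxage = 0' '    minlen = 8' \
    '' 'root:' '    rlogin = true' '    loginretries = 3' > "$demo_dir/user.new"
diff_stanzas "$demo_dir/user.old" "$demo_dir/user.new"
```

An attribute reported as "(unset)" on the new side falls back to the default: stanza or the built-in default there, so those lines deserve the same review as changed values.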