Login or Register to Ask a Question and Join Our Community


HP-UX

HP-UX revert from trusted system to default

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems HP-UX HP-UX revert from trusted system to default
# 8  
Old 02-06-2012
Quote:
I'm still not sure what being 'trusted' gives me. It just was already 'trusted' when I got given the opportunity to take it on (i.e. dumped with it) Does untrusted just mean that the passwords are stored (encrypted) in /etc/passwd field 2 so there is a risk that someone might peek and then decipher them? Will I lose the complexity/history rules for passwords or something else perhaps? I will be delighted if it doesn't re-prompt for the old password when I've just typed it in, and as for that generating a next password malarky, no thanks. All users, be they IT or not, hate it too.
To read about "untrused", just see "man passwd". You will lose complexity and history rules. The "root" user will not need to know an old password. Passwords will be stored encrypted in /etc/passwd, but there is no direct unencryption method beyond brute force by a "root" user.

Keep some sessions logged in as "root" if you make this change. I recall that all existing user passwords were lost during the change from "trusted" to "untrusted" and that every user needed a password reset. Don't know if this has been fixed. HP Openview stopped working and need a re-install.

The "sudo" command is not a HP-UX command. It is 3rd-party software which administrators elect to use in order to bypass "trusted" security. No guarantee that it would continue to work unchanged.

I can't see how changing from "trusted" to "untrusted" will fix your application problem.

As others advise, make a full Disaster Recovery backup before considering this change.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Converting system to trusted

Hi, I need to convert few HP-UX (V 11.31) machines from un-trusted to trusted. I used the HP SMH to do this on one server. However when I click on "Yes" to proceed with the conversion, I get this error : The attempt to convert this system to a trusted system failed. The command return value... (2 Replies)
Discussion started by: anaigini45
2 Replies

2. UNIX for Dummies Questions & Answers

Need to revert default prompt in Linux after setting PS1 command

I have given as: PS1="Karthick>" in linux. Now the prompt changed as: Karthick> Now I need to get back the default prompt . How to achieve this? Thanks in advance (13 Replies)
Discussion started by: karthick nath
13 Replies

3. UNIX for Advanced & Expert Users

CVS command to revert deleted files

Hi, I have deleted a file and commited in CVS. So, is there any CVS command to revert back that deleted file with existing log messages. --Thanks in advance Madhu (1 Reply)
Discussion started by: madhuti
1 Replies

4. UNIX for Advanced & Expert Users

gmail revert to old look permanently

I thought I would share gmail revert to old look permanently. I am sure I am not the only one annoyed by the new look. Install Stylish extension Choose the Stylish UserStyle that you want. I know The Return of Old Gmail and gmail-b2b both work but I prefer gmail-b2b since I think it looks... (0 Replies)
Discussion started by: cokedude
0 Replies

5. Linux

Is it possible to revert a file after overwriting it ?

Long story short, there was some sort of corruption with my ide and the script I was working on has been over written with nothing (the file is blank now). The IDE doesn't store a back up from what I know (I'm using notepadd++ in wine lol I know I know I'm addictted to the nppftp sidebar and geany... (1 Reply)
Discussion started by: noPermissions
1 Replies

6. HP-UX

Enable telnet as root to 11.31 non-trusted system?

I have a new box that was set up for me and I want to allow telnet to the box as root. I know that it's not secure but due to the nature of what I test I need an easy and reliable way back in if I've messed up the other connection methods(SSH). This is in a protected lab environment. Eventually... (17 Replies)
Discussion started by: gctaylor
17 Replies

7. Emergency UNIX and Linux Support

Revert SVN import

Instead of importing a project/folder as svn import vlsms/ file:///home/repo/vlsms -m "Initial Upload" I did svn import vlsms/ file:///home/repo -m "Initial Upload" How to undo this import (in a clean way,without trace?) ---------- Post updated at 03:10 AM ---------- Previous update was at... (0 Replies)
Discussion started by: johnbach
0 Replies

8. HP-UX

shadowed password file on non-trusted system?

Is it possible to have shadowed password file without implementing a Trusted System? (3 Replies)
Discussion started by: linuxdude
3 Replies

9. Solaris

need zpool to revert...

hi i have created a pool using zpool command for my /dev/dsk/c1d0s3 disk. The poolname is qwertyuiopasdfghjklmnbvcxzzxcvbnmasdfghjklqwertyuiopoiuytrewqasdfghjklkjhgfdsazxcvbnmmnbnbcxczxzassd ddddvfhfghgjjgjhgkhkljfjlhohihiuyuioyguioyguiowyuiogwyuigwrigywuigyguiyuiogyugiyguioyuyguiowygiuygui... (1 Reply)
Discussion started by: SankarV
1 Replies

10. HP-UX

Trusted system: Please Help.

I was playing with sam and i turned on the Trusted System feature (UX11i). Now i cant log onto it anymore, i can ping it, but icant telnet, rlogin or login at the login screen. I dont want to reboot my machine because i am affraid it wont boot and ask for a password. My root password is not... (1 Reply)
Discussion started by: Netghost
1 Replies
Login or Register to Ask a Question

LEARN ABOUT SUSE

stap-authorize-signing-cert

STAP-AUTHORIZE-SIGNING-CERT(8)				      System Manager's Manual				    STAP-AUTHORIZE-SIGNING-CERT(8)

NAME

       stap-authorize-signing-cert - systemtap signing authorization utility

SYNOPSIS

       stap-authorize-signing-cert CERTFILE [ DIRNAME ]

DESCRIPTION

       The  staprun program will load modules for members of the group stapusr if they are signed by a trusted signer. A trusted signer is usually
       a systemtap compile server which signs modules when the client (stap-client) specifies the --unprivileged option.

       The trustworthiness of a given signer can not be determined automatically without a trusted certificate authority issuing systemtap signing
       certificates.  This is not practical in everyday use and so, staprun must authenticate servers against its own database of trusted signers.
       In this context, establishing a given signer as trusted means adding that signer's certificate to staprun's database of trusted signers.

       The stap-authorize-signing-cert program adds the given signing certificate to the given certificate database, making that signer a  trusted
       server for staprun when using that database.

ARGUMENTS

       The stap-authorize-signing-cert program accepts two arguments:

       CERTFILE
	      This  is the name of the file containing the certificate of the new trusted signer.  For systemtap compile servers, this is the file
	      named stap.cert which can be found in the server's certificate database.	On the server host, for servers started by the stap-server
	      service,	this  database can be found in /var/lib/stap-server/.systemtap/ssl/server/.  For servers run by other non-root users, this
	      database can be found in $HOME/.systemtap/ssl/server/.  For root users (EUID=0), it can be found in /etc/systemtap/ssl/server.

       DIRNAME
	      This optional argument is the name of the directory containing the certificate database to which the certificate is to be added.	If
	      not  specified,  the default is /etc/systemtap/staprun/.	That is, the default result is that all users on the local host will trust
	      this signer. Note that this default directory is only writable by root.

SAFETY AND SECURITY

       Systemtap is an administrative tool.  It exposes kernel internal data structures and potentially private user information.  See the stap(1)
       manual page for additional information on safety and security.

       Systemtap  uses	Network  Security  Services (NSS) for module signing and verification. The NSS tool certutil is used for the generation of
       certificates. The related certificate databases must be protected in order to maintain the security of the system.  Use	of  the  utilities
       provided  will  help to ensure that the proper protection is maintained. staprun will check for proper access permissions before making use
       of any certificate database.

FILES

       /etc/systemtap/staprun/
	      staprun's trusted signer certificate database.

       /var/lib/stap-server/.systemtap/ssl/server/stap.cert
	      Signing certificate for servers started by the stap-server service.

SEE ALSO

       stap(1), staprun(8), stap-server(8), stap-client(8), NSS, certutil

BUGS

       Use the Bugzilla link of the project web page or our mailing list.  http://sources.redhat.com/systemtap/, <systemtap@sources.redhat.com>.

Red Hat 							    2010-07-05					    STAP-AUTHORIZE-SIGNING-CERT(8)