All,
I have inherited some software that is running on HP-UX 11.11. The software offers a GUI login and the user passwords can be either internal to the software, user-defined or based on the matching unix account. The problem I have is that the server has been converted to 'trusted' years before I got hands on. The software, of course, only looks in /etc/passwd and is so old that fixes are no longer written.
The software had a total collapse on 01/01/2012 because of a design flaw.
There is the capability to set a user end date, and the logic failed similarly to the worries everyone had about year 2000. Having never dealt with it before, I soon discovered that no user accounts had a password at all and account sharing was very common.
So, I crashed headlong into setting up something, at least. We've caught quite a few offenders already now that services are resumed, and I have an lsof-based script trace written to react to each login attempt.
Unfortunately the internal password controls allow a single character password (including space) and no history is kept.
We do set more sensible rules for OS telnet users, but I cannot tie the software in without converting back from TCB.
Finally, my questions:-
- How? Is it just a sam action?
- What do I lose?
- What do I risk?
I've trawled the archives, but nothing leaps out. Perhaps it is an odd requirement, but any guidance would be appreciated.
Many thanks, in advance,
Robin
Liverpool/Blackburn
UK