All passwords are encrypted immediately after entry and stored in /tcb/files/auth/user initial/username on a trusted system. The password field in /etc/passwd is ignored.
A user with an empty password is forced to set a password upon login on a trusted system. However, this leaves a potential security breach, because any user who knew about the account could set the password for that account before a password is set for the first time.
Note: Do not edit the password file directly. Use SAM, useradd, or usermod to modify password entries.
HP-UX generates these mapping files to provide faster access to the password file:
/tcb/files/auth/system/pw_id_map
/tcb/files/auth/system/gr_id_map
/tcb/files/auth/system/aid_id_map
It is possible for these mapping files to get out of sync with the password database file, leaving users unable to log in. In this case, remove the mapping files. The system automatically regenerates new mapping files.
/etc/passwd
The /etc/passwd file is used to authenticate users at login time on standard HP-UX systems. This file contains descriptions of every account on the system. Refer to HP-UX System Administration Tasks and the passwd(1) and passwd(4) man pages in the HP-UX Reference.
/tcb/files/auth/*/*
When a system is converted to a trusted system, the encrypted password, normally held in the second field of /etc/passwd, is moved to the protected password database file, and an asterisk holds its place in the /etc/passwd file. Protected password database files are stored in the /tcb/files/auth hierarchy.
The following command sets a user's password to never expire.
/usr/lbin/modprpw -l -m mintm=0,exptm=0,expwarn=0,lftm=0 ABCD
/usr/lbin/getprpw ABCD
uid=192, bootpw=NO, audid=458, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Sun Dec 3 02:36:53 2006, upwchg=-1, acctexp=-1, llog=-1, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Sun Dec 3 02:59:41 2006, ulogint=-1, sloginy=tty, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000
ABCD is the user account.
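An added example, not part of the original post: a POSIX shell check that parses getprpw output and flags accounts where exptm and lftm are both 0, the values the modprpw command above sets, so that non-expiring passwords can be found in an audit. The function names and the second sample line are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit getprpw output for accounts whose password aging
# has been switched off with the modprpw settings shown above.

# Print the value of one field from a getprpw output line.
# $1 = field name, $2 = full getprpw output ("name=value, name=value, ...")
prpw_field() {
    printf '%s\n' "$2" | awk -v want="$1" -F', ' '{
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq && substr($i, 1, eq - 1) == want) {
                print substr($i, eq + 1)
                exit
            }
        }
    }'
}

# Classify an account: "no-expiry" when exptm and lftm are both 0
# (the values the page sets), otherwise "aging-or-default".
aging_status() {
    exptm=$(prpw_field exptm "$1")
    lftm=$(prpw_field lftm "$1")
    if [ "$exptm" = "0" ] && [ "$lftm" = "0" ]; then
        echo "no-expiry"
    else
        echo "aging-or-default"
    fi
}

# Sample 1 is shortened from the getprpw output on this page; sample 2 is constructed.
SAMPLE_ABCD='uid=192, bootpw=NO, audid=458, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Sun Dec 3 02:36:53 2006, upwchg=-1, acctexp=-1, expwarn=0, alock=NO, lockout=0000000'
SAMPLE_OTHER='uid=201, bootpw=NO, audid=460, audflg=1, mintm=-1, maxpwln=-1, exptm=90, lftm=120, spwchg=Sun Dec 3 02:36:53 2006, expwarn=14, alock=NO, lockout=0000000'

# On a live trusted system, feed real output instead, for example:
#   aging_status "$(/usr/lbin/getprpw ABCD)"
for pair in "ABCD|$SAMPLE_ABCD" "user2|$SAMPLE_OTHER"; do
    name=${pair%%|*}
    line=${pair#*|}
    echo "$name: $(aging_status "$line") (last change: $(prpw_field spwchg "$line"))"
done
```

Fields are split on ", " rather than on spaces because date values such as spwchg contain spaces.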