UnixPedia : HPUX / LINUX / SOLARIS: HPUX : Trusted system definition:

Sunday, March 16, 2014

HPUX : Trusted system definition:



All passwords are encrypted immediately after entry and stored in /tcb/files/auth/user initial/username on a trusted system. The password field in /etc/passwd is ignored.

A user with an empty password is forced to set a password upon login on a trusted system. However, this leaves a potential security breach, because any user who knew about the account could set the password for that account before a password is set for the first time.

Note: Do not edit the password file directly. Use SAM, useradd, or usermod to modify password entries.

HP-UX generates these mapping files to provide faster access to the password file:

/tcb/files/auth/system/pw_id_map
/tcb/files/auth/system/gr_id_map
/tcb/files/auth/system/aid_id_map

It is possible for these mapping files to get out of sync with the password database file, resulting in users being unable to log in. In this case, remove the mapping files. The system automatically regenerates new mapping files.

/etc/passwd

The /etc/passwd file is used to authenticate users at login time on standard HP-UX systems. This file contains descriptions of every account on the system. Refer to HP-UX System Administration Tasks and the passwd(1) and passwd(4) man pages in the HP-UX Reference.

/tcb/files/auth/*/*

When a system is converted to a trusted system, the encrypted password, normally held in the second field of /etc/passwd, is moved to the protected password database file, and an asterisk holds its place in the /etc/passwd file. Protected password database files are stored in the /tcb/files/auth hierarchy.


The following command sets a user's password to never expire:

/usr/lbin/modprpw -l -m mintm=0,exptm=0,expwarn=0,lftm=0 ABCD

/usr/lbin/getprpw ABCD
uid=192, bootpw=NO, audid=458, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Sun Dec 3 02:36:53 2006, upwchg=-1, acctexp=-1, llog=-1, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Sun Dec 3 02:59:41 2006, ulogint=-1, sloginy=tty, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000

ABCD is the user account.
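
Accounts whose passwords never expire are worth tracking during an audit. The script below is an added example, not part of the original post: it parses a getprpw record and flags the exptm=0 / lftm=0 combination that the modprpw command above sets. The function names (prpw_field, aging_disabled, audit_user) and the AGED record are made up for illustration; SAMPLE is the output shown above, trimmed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# getprpw record copied from the output shown on this page, trimmed.
SAMPLE='uid=192, bootpw=NO, audid=458, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Sun Dec 3 02:36:53 2006, expwarn=0, nullpw=DFT, alock=NO, lockout=0000000'
# Constructed record with password aging enforced, for comparison.
AGED='uid=200, bootpw=NO, mintm=7, exptm=90, lftm=180, expwarn=14, alock=NO'

# prpw_field RECORD NAME: print the value of field NAME.
# Values such as dates contain spaces, so split on ", " and not on whitespace.
prpw_field() {
    printf '%s\n' "$1" | awk -v want="$2" -F', ' '{
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq && substr($i, 1, eq - 1) == want) {
                print substr($i, eq + 1)
                exit
            }
        }
    }'
}

# aging_disabled RECORD: succeed when exptm and lftm are both 0, the
# "never expire" settings applied by the modprpw command on this page.
aging_disabled() {
    [ "$(prpw_field "$1" exptm)" = "0" ] && [ "$(prpw_field "$1" lftm)" = "0" ]
}

# audit_user USER [RECORD]: print one finding line for USER.
# Without RECORD, the record is read from /usr/lbin/getprpw (trusted systems only).
audit_user() {
    rec=${2:-$(/usr/lbin/getprpw "$1" 2>/dev/null || true)}
    if [ -z "$rec" ]; then
        echo "$1: no protected password record"
    elif aging_disabled "$rec"; then
        echo "$1: NEVER-EXPIRES (exptm=0, lftm=0)"
    else
        echo "$1: aging set (exptm=$(prpw_field "$rec" exptm), lftm=$(prpw_field "$rec" lftm))"
    fi
}

# Audit every account named on the command line, e.g.: sh audit.sh ABCD
for u in "$@"; do
    audit_user "$u"
done
```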
