HP-UX 11i Version 2 Release Notes (October 2003)

Chapter 7: Security
Compatibility
There are no compatibility issues.
Performance
There are no performance issues.
Documentation
security_patch_check (1M) manpage (add /opt/sec_mgmt/share/man/ to MANPATH)
Managing Systems and Workgroups, Chapter 8
“HP-UX Bastille” on page 177
Obsolescence
Not applicable.
Shadow Passwords
The new Shadow Password feature enhances system security by hiding users' encrypted
passwords in a shadow password file.
Summary of Change
The HP-UX 11i v2 release introduces an optional, configurable Shadow Password
feature based on the de facto standard provided by other UNIX flavors, including Sun
Solaris and Linux. Encrypted passwords previously stored in the publicly readable
/etc/passwd file can be moved to /etc/shadow, which is accessible only by a privileged
user. For HP-UX 11i v2, Shadow Passwords are not supported with NIS or NIS+.
Impact
The Shadow Passwords feature is optionally configurable, and is inactive by default. The
feature has no impact on systems running in trusted mode. Additionally, systems in
standard mode are not impacted until the pwconv command is run to activate the
feature. The feature can be subsequently deactivated by running the pwunconv
command.
Compatibility
The behavior of systems running in trusted mode is not changed. When run in standard
mode, the pwconv command now converts the system to use Shadow Passwords.
In HP-UX 11i v2, Shadow Passwords are not supported with NIS or NIS+. Do not run
pwconv on these configurations.
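
The following read-only pre-check is an added example, not part of the release notes or of HP-UX: it reports whether hashes are still stored in the publicly readable password file, whether an existing shadow file is private, and whether NIS or NIS+ appears to be in use before pwconv is considered. The function names are hypothetical, and it assumes that "x" in the password field marks a converted entry, that "*" or "!" marks a locked one, and that NIS shows up as +/- escape lines in the password file or as "nis" on the passwd line of nsswitch.conf.

```shell
#!/bin/sh
# Added example: read-only pre-check before pwconv. Nothing here modifies a file.
# Assumptions: "x" in field 2 marks a converted entry, "*" or "!" a locked one;
# NIS shows up as +/- escape lines in passwd or "nis" on the nsswitch passwd line.

# Constructed sample /etc/passwd content (the hash is made up).
sample_passwd() {
    printf '%s\n' \
        'root:Ab3dEfGh1jKlM:0:3::/:/sbin/sh' \
        'daemon:*:1:5::/:/sbin/sh' \
        'alice:x:101:20::/home/alice:/usr/bin/sh'
}

# Print how many local entries still carry a hash in the world-readable file.
count_exposed_hashes() {
    awk -F: '/^[+-]/ || NF < 7 { next }
             $2 != "x" && $2 != "" && $2 !~ /^[*!]/ { n++ }
             END { print n + 0 }' "$1"
}

# Succeed if NIS or NIS+ appears to serve passwd data.
nis_in_use() {
    grep -q '^[+-]' "$1" && return 0
    [ -f "$2" ] && grep -Eq '^passwd:.*nis' "$2"
}

# Succeed if group and other have no permission bits on the shadow file.
shadow_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Returns 0: pwconv applies, 1: NIS present, 2: nothing to convert,
# 3: shadow file exists but is not private.
pwconv_precheck() {
    if nis_in_use "$1" "$3"; then
        echo "STOP: NIS/NIS+ in use; Shadow Passwords unsupported"; return 1
    fi
    if [ -f "$2" ] && ! shadow_is_private "$2"; then
        echo "WARN: $2 is accessible by group or other"; return 3
    fi
    exposed=$(count_exposed_hashes "$1")
    if [ "$exposed" -eq 0 ]; then
        echo "OK: no hashes left in $1"; return 2
    fi
    echo "TODO: $exposed hash(es) still readable in $1"; return 0
}

# Run against the live files only when asked: sh precheck.sh --check
if [ "${1:-}" = "--check" ]; then
    pwconv_precheck /etc/passwd /etc/shadow /etc/nsswitch.conf
fi
```

The NIS test is a heuristic over two files; confirm the name service configuration separately before acting on a "TODO" result.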