SUMMARY: Convert trusted system into non-trusted system

From: Schepers, Jan (Jan.Schepers@atosorigin.com)
Date: Thu May 30 2002 - 07:09:56 EDT

• Next message: Wayne Blom: "SUMMARY: PANIC kernel memory fault - V4.0f"
• Previous message: Franc Carter: "can't 'see' tz89 drives"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello list,

The question:
     Is it possible to convert a trusted system into a non-trusted
     system without re-installation?
     How is it done ? Is there a pointer, manual or webpage etc ?

If you are asking if it is possible to convert from enhanced security to
basic the answer is yes. See the manual for "Security" at:
http://www.tru64unix.compaq.com/docs/pub_page/doc_list.html

I suppose "sysman secconfig" should allow you to do that

Yep: secsetup and man secsetup. Everytime you run secsetup
you will be offered the possibility to switch from basic
to enhanced and vice-versa.

Depends on what you mean by "trusted system". If you're talking about
the MLS+ product, the answer is that you must reinstall to go to
Tru64. If you're talking about having "Enhanced Security" enabled on
a Tru64 system, you can turn "Enhanced Security" off without
re-installing,
but the system must be rebooted. The instructions for turning off
"Enhanced Security" depend on what version you're running. There is
some information on this in the Security Manual.

You mean reverting from Enhanced to Base authentication? This is
not really supported or tested, although you can try it with
/usr/tcb/bin/convuser. The problem is that ES uses longer
passwords/different alorithm than Base and some of your
passwords may not convert back successfully, locking out
user accounts. Make copies of /tcb/files/auth.db and
/var/tcb/files/* before you try this and I wouldn't even
attempt this if you use NIS.

Thanks to:
- Corinne Haesaerts
- Derk Tegeler
- Dennis Sylvester
- Ann Majeske
- Denise Dumas

regards,

Yann
=======================================================================
 Jan Schepers Building HVO 3
 Computer Systems & Architectures De Run 1121
 Enterprise Solutions 5503 LB Veldhoven
 Atos Origin The Netherlands
 mailto:Jan.Schepers@AtosOrigin.com phone:+31-623-447-564
=======================================================================

• Next message: Wayne Blom: "SUMMARY: PANIC kernel memory fault - V4.0f"
• Previous message: Franc Carter: "can't 'see' tz89 drives"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:48:42 EDT