SUMMARY: Synchronizing passwd file with Enhanced Security password database

From: Maglinger, Paul (PMAGLINGER@scvl.com)
Date: Wed Nov 23 2005 - 11:30:19 EST


No firm responses on this. It looks like it may be something to do with
C2 security whereby accounts are never deleted to prevent reuse of UIDs,
and thus inadvertently giving a new user an old user's privs. So,
instead of renaming the account it looks like I have to delete it and
recreate it using the same UID and groups that it had previously, and
renaming the home directory.

Thanks to all.

Paul

-----Original Message-----
From: Maglinger, Paul
Sent: Thursday, November 17, 2005 11:35
To: Maglinger, Paul
Subject: ADDENDUM: Synchronizing passwd file with Enhanced Security
password database

 Thanks to Ann Majeske, Chris Wincentsen, Richard Jackson, J.A.
Guteirrez, John Lanier, and Chris Adams for their responses.

Numerous mentions of using authck and edauth. The deleted account is
not showing up using either command, so I'm going to let that issue go
for now. The renamed account shows the new username in the passwd file
and the enhanced security database, but the old username is in the
enhanced security database too. I would assume that the rename would
have changed both, but it appears that it actually creates a new entry and
retains the old one as well. The old username does not appear in the
Account Manager GUI, and you can't log in using the old username, so why
does it still exist in the database? Is this normal for Enhanced
Security? It appears that I can use edauth to remove the old username,
but why would such housekeeping be necessary?

-----Original Message-----
From: tru64-unix-managers-owner@ornl.gov
[mailto:tru64-unix-managers-owner@ornl.gov] On Behalf Of Maglinger, Paul
Sent: Monday, November 14, 2005 14:04
To: Tru64 Unix Managers list
Subject: Synchronizing passwd file with Enhanced Security password
database

I'm doing some housecleaning on our Tru64 5.1B servers because good ol'
SekChek shows that there are two usernames that show up in the shadow
passwd file and are not in the passwd file. One of these accounts was
deleted, the other account was renamed due to a name change. I'm trying
to find information on synchronizing these two files, but most of what
I'm finding refers to a /etc/shadow file that doesn't exist. We are
running Enhanced Security so what would be the shadow file is actually
the auth.db, right? I can't find anything on synchronizing the two.
Can someone point me in the right direction?
 
Paul Maglinger, A+, CA, CCA, CET, MCSE

Systems Administrator
Shoe Carnival Inc.
(812)867-4674
pmaglinger@scvl.com
