03-01-2001 07:55 AM
I have a system where I have to protect the passwd file, but don't want to trust. Is there a way to implement some sort of shadow passwd file on a regular Unix system without having to convert to a trusted system?
Thanks in advance.
03-01-2001 07:59 AM
03-01-2001 11:27 AM
The reason we didn't want to implement a trusted system had to do with passwd syncing, etc. for a ServiceGuard environment. Also, its sister node in that environment runs PeopleSoft, which is not C2 certified.
03-02-2001 06:07 AM
In HP'ese, if you are Trusted and you employ all of the safeguards required by the government, then you're C2. Many of the requirements have to do with auditing and the like (things you get by being trusted, but not necessarily things you have to use when you are trusted). If you're not DOD or DOE, you shouldn't have to worry about C2.
Given that, Trusted and Shadow are fairly similar. It's certainly possible to keep passwords sync'd between trusted/non-trusted systems; it just might be a little harder. Just as there are password extraction capabilities for non-trusted systems, there are similar capabilities for trusted systems:
You can use these capabilities to keep things in sync.
Usually if a vendor doesn't run on a trusted system, it's because they haven't taken the 10 minutes required to conditionally reference the trusted system library calls and link to a library :-(.