Hi! We're running HP-UX 11i on an L-Class HP9000 server. We've found
that we need to recompile an app we're developing as we change between
our system being untrusted and trusted. However, we're running DB2
UDB 7.1 on the box and it can authenticate just fine when our system
is trusted or untrusted and we don't have to recompile DB2, obviously.

We haven't found any good doc or guidelines on developing software on
HP trusted and untrusted systems and user authentication. We've found
when the system is trusted, we must use different system calls to
perform the authentication than when the system in untrusted.

Where can we find info on developing apps that will authenticate users
successfully regardless of the system being trusted or untrusted?

Thanks in advance for your time.

Peace...

Tom

Tom Williams (tom.williams@diversifiedsoftware.com) wrote:
: Hi! We're running HP-UX 11i on an L-Class HP9000 server. We've found
: that we need to recompile an app we're developing as we change between
: our system being untrusted and trusted. However, we're running DB2
: UDB 7.1 on the box and it can authenticate just fine when our system
: is trusted or untrusted and we don't have to recompile DB2, obviously.

interesting.

: We haven't found any good doc or guidelines on developing software on
: HP trusted and untrusted systems and user authentication. We've found
: when the system is trusted, we must use different system calls to
: perform the authentication than when the system in untrusted.

For the most part your not making system calls as section 3 calls are
library calls.

For specific documents or guidelines, I haven't found anything. There is
docs on installing and managing the systems on docs.hp.com. I guess the
best reference for programming is the varaious manpages. You can start
with authcap(4) or prpwd(4) and follow the SEE ALSO's. You should also
check out iscomsec(2) to tell if the system is trusted or not. For normal
systems then the getpwent(3C) family is the one to use.

: Where can we find info on developing apps that will authenticate users
: successfully regardless of the system being trusted or untrusted?

Manpages is the best I can come up with. use the getprpw* family of calls
for trusted and the getpw* family for non-trusted. Use iscomsec(2) to
sort out the difference.


--
Jim Hollenback
jholly@cup.hp.com
my opinion.

Tom Williams wrote:
> Hi! We're running HP-UX 11i on an L-Class HP9000 server. We've found
> that we need to recompile an app we're developing as we change between
> our system being untrusted and trusted. However, we're running DB2
> UDB 7.1 on the box and it can authenticate just fine when our system
> is trusted or untrusted and we don't have to recompile DB2, obviously.
>
> We haven't found any good doc or guidelines on developing software on
> HP trusted and untrusted systems and user authentication. We've found
> when the system is trusted, we must use different system calls to
> perform the authentication than when the system in untrusted.
>
> Where can we find info on developing apps that will authenticate users
> successfully regardless of the system being trusted or untrusted?
>
> Thanks in advance for your time.
>
> Peace...
>
> Tom
man getprpwent(3) which are the trusted system calls instead of getpass.

jholly@cup.hp.com (Jim Hollenback) wrote in message news:<3f1f0770$1@usenet01.boi.hp.com>...
> Tom Williams (tom.williams@diversifiedsoftware.com) wrote:
> : Hi! We're running HP-UX 11i on an L-Class HP9000 server. We've found
> : that we need to recompile an app we're developing as we change between
> : our system being untrusted and trusted. However, we're running DB2
> : UDB 7.1 on the box and it can authenticate just fine when our system
> : is trusted or untrusted and we don't have to recompile DB2, obviously.
>
> interesting.
>
> : We haven't found any good doc or guidelines on developing software on
> : HP trusted and untrusted systems and user authentication. We've found
> : when the system is trusted, we must use different system calls to
> : perform the authentication than when the system in untrusted.
>
> For the most part your not making system calls as section 3 calls are
> library calls.
>
> For specific documents or guidelines, I haven't found anything. There is
> docs on installing and managing the systems on docs.hp.com. I guess the
> best reference for programming is the varaious manpages. You can start
> with authcap(4) or prpwd(4) and follow the SEE ALSO's. You should also
> check out iscomsec(2) to tell if the system is trusted or not. For normal
> systems then the getpwent(3C) family is the one to use.
>
> : Where can we find info on developing apps that will authenticate users
> : successfully regardless of the system being trusted or untrusted?
>
> Manpages is the best I can come up with. use the getprpw* family of calls
> for trusted and the getpw* family for non-trusted. Use iscomsec(2) to
> sort out the difference.


Thanks for the feedback. It sounds like using "iscomsec()" to test
for whether a system is trusted or not should do the trick!

Peace...

Tom