My original questions:
> I'm considering the need to revert one of my systems from C2 Enhanced
> security back to BASE security. If anyone's done this, can you offer
> comments? I'm dealing with about 4600 accounts on this system.
>
> Do the passwords get retained?
>
> Is 'convuser -b' the best way to handle this? Or do I run secsetup to
> select BASE (and possibly that runs 'convuser -b')?
>
> Does this note from the secsetup man page apply (or is this only when
> converting to ENHANCED security)?
> NOTE: After secsetup is run, passwords that were originally entered
> with
> more than 8 characters will match a string with ONLY the first 8
> characters.
>
> I know that with Enhanced security, modifications must be made to permit
> xdm access. With BASE security, what steps would I need to take to
> *prevent* xdm access?
Thanks to the following people who responded:
Chad Price
Dale Inman
Marie-Claude Vialatte
Corinne Haesaerts
Ryan Gray
Nikola Milutinovic
The general consensus is that the best method to revert from Enhanced
security to Base security is to run the secsetup command, and that
passwords less than or equal to 8 characters in length are retained
(although one person stated flat out no passwords are retained).
Additionally, passwords will not be retained for any accounts that were
disabled under Enhanced security (due to excessive failed login
attempts, for example).
No one was able to offer any good advice on my question regarding xdm
access. More specifically, I'd like to be able to prohibit users (from
X terminals, for example) from being able to run cde or xdm remotely off
the system (under Base security).
Thanks.
Jane Zuzek
--
====================================================================
Jane Zuzek
Computer Systems Manager, Oberlin College
Jane.Zuzek_at_oberlin.edu
440-775-6929
====================================================================
Received on Tue Feb 22 2000 - 16:54:09 NZDT