How does one enable long password on HP-UX 11.31 (204 Views)
Reply
Regular Advisor
EU-Admins-UNIX
Posts: 196
Registered: ‎09-23-2011
Message 1 of 9 (204 Views)

How does one enable long password on HP-UX 11.31

Hi

 

I have installed PHI & Longpassword on 11.31.

 

# LongPass11i3 B.11.31.01 HP-UX 11.31 LongPass11i3 Bundle
# LongPass11i3.LongPassword11i3 B.11.31.01 HP-UX 11.31 LongPassword11i3 Product
LongPass11i3.LongPassword11i3.LP-CONF B.11.31.01 LongPassword11i3 Configuration Files
# PHI11i3 B.11.31.02 HP-UX 11.31 Password Hashing Infrastructure
# PHI11i3.SHA11i3 B.11.31.02 HP-UX 11.31 SHA11i3 Product
# PHI11i3.SHA11i3.Manuals Manual Pages and Documentation
PHI11i3.SHA11i3.Manuals.SHA-ENG-A-MAN B.11.31.02 SHA11i3 English Manpages
PHI11i3.SHA11i3.SHA-CONF B.11.31.02 SHA11i3 Configuration Files

 

I have done a pwconv -v /etc/passwd, /etc/shadow exists.

 

My /etc/default/security file reads:

 

LONG_PASSWORD=1
DISPLAY_LAST_LOGIN=0
INACTIVITY_MAXDAYS=65
AUTH_MAXTRIES=8
PASSWORD_HISTORY_DEPTH=12
PASSWORD_MAXDAYS=180
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
NUMBER_OF_LOGINS_ALLOWED=8
PASSWORD_MINDAYS=7
ABORT_LOGIN_ON_MISSING_HOMEDIR=1
ALLOW_NULL_PASSWORD=0
PASSWORD_MIN_SPECIAL_CHARS=1
PASSWORD_WARNDAYS=3
CRYPT_ALGORITHMS_DEPRECATE=__unix__
CRYPT_DEFAULT=6

 

I have set myself a 12 character password, yet when I still log in, I can still log in with the first 8 characters.

 

I have since rebooted, to no affect (I wouldn't expect there to be).

 

Any ideas Gurus?

 

Tariq

Please use plain text.
Honored Contributor
Bill Hassell
Posts: 14,178
Registered: ‎05-29-2000
Message 2 of 9 (197 Views)

Re: How does one enable long password on HP-UX 11.31

Enabling long passwords does not change existing passwords. Once you reboot, you can then change the password to a longer one and it should work OK. The extra characters after 8 were silently ignored when originally setting the password without LongPasswords setup.

Please use plain text.
Regular Advisor
EU-Admins-UNIX
Posts: 196
Registered: ‎09-23-2011
Message 3 of 9 (192 Views)

Re: How does one enable long password on HP-UX 11.31

HI

 

Since the installation and reboot, I have atempted to reset my password.  I do successfully do so, but when I log in, I get access denied.

 

My password meets these criteria:

 

1 upper case character(s),
1 lower case character(s),
1 digit(s), and
1 special character(s).

 

So, why can't I login with a password that meets these?

 

Regards

 

Tariq

Please use plain text.
Honored Contributor
Bill Hassell
Posts: 14,178
Registered: ‎05-29-2000
Message 4 of 9 (184 Views)

Re: How does one enable long password on HP-UX 11.31

The password requirements are only used when you create a new password. If your new password fails the criteria, then the current password will not be changed. If you changed the password after you rebooted, then the new password will work OK.

Please use plain text.
Regular Advisor
EU-Admins-UNIX
Posts: 196
Registered: ‎09-23-2011
Message 5 of 9 (164 Views)

Re: How does one enable long password on HP-UX 11.31

Hi

 

Strange things are happening.

 

Upon resetting my password to fulfil the criteria, I can get in through telner but access is denied through SSH with the same pw.

 

Any ideas anyone?

 

Regards

 

Tariq

Please use plain text.
Honored Contributor
Bill Hassell
Posts: 14,178
Registered: ‎05-29-2000
Message 6 of 9 (158 Views)

Re: How does one enable long password on HP-UX 11.31

Check syslog.log to see what sshd is reporting concerning this user. I am assuming that this is *NOT* the root user that is failing. If it is root, then the default for sshd is to not allow root logins.

Please use plain text.
Regular Advisor
EU-Admins-UNIX
Posts: 196
Registered: ‎09-23-2011
Message 7 of 9 (148 Views)

Re: How does one enable long password on HP-UX 11.31

Hi Bill

 

Feb 7 15:29:13 servername sshd[18822]: Failed password for thasan from xxx.xxx.xxx.xxx port nnnnn ssh2

 

This message appears repeatedly, even whilst using the same password that allowed me, thasan, to access via telnet.

 

We used putty for telnet and ssh connections.

 

Regards

 

Tariq

 

 

Please use plain text.
Honored Contributor
Matti_Kurkela
Posts: 6,271
Registered: ‎12-02-2001
Message 8 of 9 (139 Views)

Re: How does one enable long password on HP-UX 11.31

What is the state of the UsePAM option in your sshd configuration file (typically /opt/ssh/etc/sshd_config)?

What is your HP-UX SSH version?

 

From the installation requirements of the PHI11iv3 package:

 

To use HP-UX PHI11i3 with SSH, you must install HP-UX Secure Shell A.05.00.26 or later from Software Depot, http://software.hp.com . Also, you must set "UsePAM yes" in /etc/opt/ssh/sshd_config . 

 

MK
Please use plain text.
Regular Advisor
EU-Admins-UNIX
Posts: 196
Registered: ‎09-23-2011
Message 9 of 9 (135 Views)

Re: How does one enable long password on HP-UX 11.31

Matti

 

Thanks

 

I set the UsePAM to 'yes'

 

and it now works.

 

Regards & thanks for your help.

 

Tariq

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation