How does one enable long password on HP-UX 11.31 (525 Views)
Reply
Regular Advisor
EU-Admins-UNIX
Posts: 196
Registered: ‎09-23-2011
Message 1 of 9 (525 Views)

How does one enable long password on HP-UX 11.31

Hi

 

I have installed PHI & Longpassword on 11.31.

 

# LongPass11i3 B.11.31.01 HP-UX 11.31 LongPass11i3 Bundle
# LongPass11i3.LongPassword11i3 B.11.31.01 HP-UX 11.31 LongPassword11i3 Product
LongPass11i3.LongPassword11i3.LP-CONF B.11.31.01 LongPassword11i3 Configuration Files
# PHI11i3 B.11.31.02 HP-UX 11.31 Password Hashing Infrastructure
# PHI11i3.SHA11i3 B.11.31.02 HP-UX 11.31 SHA11i3 Product
# PHI11i3.SHA11i3.Manuals Manual Pages and Documentation
PHI11i3.SHA11i3.Manuals.SHA-ENG-A-MAN B.11.31.02 SHA11i3 English Manpages
PHI11i3.SHA11i3.SHA-CONF B.11.31.02 SHA11i3 Configuration Files

 

I have done a pwconv -v /etc/passwd, /etc/shadow exists.

 

My /etc/default/security file reads:

 

LONG_PASSWORD=1
DISPLAY_LAST_LOGIN=0
INACTIVITY_MAXDAYS=65
AUTH_MAXTRIES=8
PASSWORD_HISTORY_DEPTH=12
PASSWORD_MAXDAYS=180
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
NUMBER_OF_LOGINS_ALLOWED=8
PASSWORD_MINDAYS=7
ABORT_LOGIN_ON_MISSING_HOMEDIR=1
ALLOW_NULL_PASSWORD=0
PASSWORD_MIN_SPECIAL_CHARS=1
PASSWORD_WARNDAYS=3
CRYPT_ALGORITHMS_DEPRECATE=__unix__
CRYPT_DEFAULT=6

 

I have set myself a 12 character password, yet when I still log in, I can still log in with the first 8 characters.

 

I have since rebooted, to no affect (I wouldn't expect there to be).

 

Any ideas Gurus?

 

Tariq

Honored Contributor
Bill Hassell
Posts: 14,226
Registered: ‎05-29-2000
Message 2 of 9 (518 Views)

Re: How does one enable long password on HP-UX 11.31

Enabling long passwords does not change existing passwords. Once you reboot, you can then change the password to a longer one and it should work OK. The extra characters after 8 were silently ignored when originally setting the password without LongPasswords setup.

Regular Advisor
EU-Admins-UNIX
Posts: 196
Registered: ‎09-23-2011
Message 3 of 9 (513 Views)

Re: How does one enable long password on HP-UX 11.31

HI

 

Since the installation and reboot, I have atempted to reset my password.  I do successfully do so, but when I log in, I get access denied.

 

My password meets these criteria:

 

1 upper case character(s),
1 lower case character(s),
1 digit(s), and
1 special character(s).

 

So, why can't I login with a password that meets these?

 

Regards

 

Tariq

Honored Contributor
Bill Hassell
Posts: 14,226
Registered: ‎05-29-2000
Message 4 of 9 (505 Views)

Re: How does one enable long password on HP-UX 11.31

The password requirements are only used when you create a new password. If your new password fails the criteria, then the current password will not be changed. If you changed the password after you rebooted, then the new password will work OK.

Regular Advisor
EU-Admins-UNIX
Posts: 196
Registered: ‎09-23-2011
Message 5 of 9 (485 Views)

Re: How does one enable long password on HP-UX 11.31

Hi

 

Strange things are happening.

 

Upon resetting my password to fulfil the criteria, I can get in through telner but access is denied through SSH with the same pw.

 

Any ideas anyone?

 

Regards

 

Tariq

Honored Contributor
Bill Hassell
Posts: 14,226
Registered: ‎05-29-2000
Message 6 of 9 (479 Views)

Re: How does one enable long password on HP-UX 11.31

Check syslog.log to see what sshd is reporting concerning this user. I am assuming that this is *NOT* the root user that is failing. If it is root, then the default for sshd is to not allow root logins.

Regular Advisor
EU-Admins-UNIX
Posts: 196
Registered: ‎09-23-2011
Message 7 of 9 (469 Views)

Re: How does one enable long password on HP-UX 11.31

Hi Bill

 

Feb 7 15:29:13 servername sshd[18822]: Failed password for thasan from xxx.xxx.xxx.xxx port nnnnn ssh2

 

This message appears repeatedly, even whilst using the same password that allowed me, thasan, to access via telnet.

 

We used putty for telnet and ssh connections.

 

Regards

 

Tariq

 

 

Honored Contributor
Matti_Kurkela
Posts: 6,271
Registered: ‎12-02-2001
Message 8 of 9 (460 Views)

Re: How does one enable long password on HP-UX 11.31

What is the state of the UsePAM option in your sshd configuration file (typically /opt/ssh/etc/sshd_config)?

What is your HP-UX SSH version?

 

From the installation requirements of the PHI11iv3 package:

 

To use HP-UX PHI11i3 with SSH, you must install HP-UX Secure Shell A.05.00.26 or later from Software Depot, http://software.hp.com . Also, you must set "UsePAM yes" in /etc/opt/ssh/sshd_config . 

 

MK
Regular Advisor
EU-Admins-UNIX
Posts: 196
Registered: ‎09-23-2011
Message 9 of 9 (456 Views)

Re: How does one enable long password on HP-UX 11.31

Matti

 

Thanks

 

I set the UsePAM to 'yes'

 

and it now works.

 

Regards & thanks for your help.

 

Tariq

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.