Operating System - HP-UX
1748111 Members
3648 Online
108758 Solutions
New Discussion

Re: How does one enable long password on HP-UX 11.31

 
EU-Admins-UNIX
Regular Advisor

How does one enable long password on HP-UX 11.31

Hi

 

I have installed PHI & Longpassword on 11.31.

 

# LongPass11i3 B.11.31.01 HP-UX 11.31 LongPass11i3 Bundle
# LongPass11i3.LongPassword11i3 B.11.31.01 HP-UX 11.31 LongPassword11i3 Product
LongPass11i3.LongPassword11i3.LP-CONF B.11.31.01 LongPassword11i3 Configuration Files
# PHI11i3 B.11.31.02 HP-UX 11.31 Password Hashing Infrastructure
# PHI11i3.SHA11i3 B.11.31.02 HP-UX 11.31 SHA11i3 Product
# PHI11i3.SHA11i3.Manuals Manual Pages and Documentation
PHI11i3.SHA11i3.Manuals.SHA-ENG-A-MAN B.11.31.02 SHA11i3 English Manpages
PHI11i3.SHA11i3.SHA-CONF B.11.31.02 SHA11i3 Configuration Files

 

I have done a pwconv -v /etc/passwd, /etc/shadow exists.

 

My /etc/default/security file reads:

 

LONG_PASSWORD=1
DISPLAY_LAST_LOGIN=0
INACTIVITY_MAXDAYS=65
AUTH_MAXTRIES=8
PASSWORD_HISTORY_DEPTH=12
PASSWORD_MAXDAYS=180
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
NUMBER_OF_LOGINS_ALLOWED=8
PASSWORD_MINDAYS=7
ABORT_LOGIN_ON_MISSING_HOMEDIR=1
ALLOW_NULL_PASSWORD=0
PASSWORD_MIN_SPECIAL_CHARS=1
PASSWORD_WARNDAYS=3
CRYPT_ALGORITHMS_DEPRECATE=__unix__
CRYPT_DEFAULT=6

 

I have set myself a 12 character password, yet when I still log in, I can still log in with the first 8 characters.

 

I have since rebooted, to no affect (I wouldn't expect there to be).

 

Any ideas Gurus?

 

Tariq

9 REPLIES 9
Bill Hassell
Honored Contributor

Re: How does one enable long password on HP-UX 11.31

Enabling long passwords does not change existing passwords. Once you reboot, you can then change the password to a longer one and it should work OK. The extra characters after 8 were silently ignored when originally setting the password without LongPasswords setup.



Bill Hassell, sysadmin
EU-Admins-UNIX
Regular Advisor

Re: How does one enable long password on HP-UX 11.31

HI

 

Since the installation and reboot, I have atempted to reset my password.  I do successfully do so, but when I log in, I get access denied.

 

My password meets these criteria:

 

1 upper case character(s),
1 lower case character(s),
1 digit(s), and
1 special character(s).

 

So, why can't I login with a password that meets these?

 

Regards

 

Tariq

Bill Hassell
Honored Contributor

Re: How does one enable long password on HP-UX 11.31

The password requirements are only used when you create a new password. If your new password fails the criteria, then the current password will not be changed. If you changed the password after you rebooted, then the new password will work OK.



Bill Hassell, sysadmin
EU-Admins-UNIX
Regular Advisor

Re: How does one enable long password on HP-UX 11.31

Hi

 

Strange things are happening.

 

Upon resetting my password to fulfil the criteria, I can get in through telner but access is denied through SSH with the same pw.

 

Any ideas anyone?

 

Regards

 

Tariq

Bill Hassell
Honored Contributor

Re: How does one enable long password on HP-UX 11.31

Check syslog.log to see what sshd is reporting concerning this user. I am assuming that this is *NOT* the root user that is failing. If it is root, then the default for sshd is to not allow root logins.



Bill Hassell, sysadmin
EU-Admins-UNIX
Regular Advisor

Re: How does one enable long password on HP-UX 11.31

Hi Bill

 

Feb 7 15:29:13 servername sshd[18822]: Failed password for thasan from xxx.xxx.xxx.xxx port nnnnn ssh2

 

This message appears repeatedly, even whilst using the same password that allowed me, thasan, to access via telnet.

 

We used putty for telnet and ssh connections.

 

Regards

 

Tariq

 

 

Matti_Kurkela
Honored Contributor

Re: How does one enable long password on HP-UX 11.31

What is the state of the UsePAM option in your sshd configuration file (typically /opt/ssh/etc/sshd_config)?

What is your HP-UX SSH version?

 

From the installation requirements of the PHI11iv3 package:

 

To use HP-UX PHI11i3 with SSH, you must install HP-UX Secure Shell A.05.00.26 or later from Software Depot, http://software.hp.com . Also, you must set "UsePAM yes" in /etc/opt/ssh/sshd_config . 

 

MK
EU-Admins-UNIX
Regular Advisor

Re: How does one enable long password on HP-UX 11.31

Matti

 

Thanks

 

I set the UsePAM to 'yes'

 

and it now works.

 

Regards & thanks for your help.

 

Tariq

James Calfas
Occasional Advisor

Re: How does one enable long password on HP-UX 11.31

In my experience, the most effective way to debug ssh logins is to run sshd in debug mode.  One way to do this is to change the LogLevel parameter in sshd_config to DEBUG.   All kinds of things can go wrong with ssh connectons, and luckily the debug output gives you good explanations of what is going on.