https://community.hpe.com/t5/operating-system-hp-ux/hpux-ftp-allows-incorrect-password/m-p/6806373#M489130 <P>&gt;&gt; i set the password using passwd ftpuser.</P><P>&nbsp;</P><P>Standard security is hard limited to 8 characters. The passwd command allows you to set any passwd length but silently throws away everything you typed in after the 8th character. Similalrly, when you login with a long password, everything after 8 characters is silently ignored.</P><P>This has been the case for more than 30 years and one of the many reasons to switch to a Trusted System or Shadow Password or other security level for HP-UX.</P> Wed, 28 Oct 2015 01:24:37 GMT Bill Hassell 2015-10-28T01:24:37Z https://community.hpe.com/t5/operating-system-hp-ux/hpux-ftp-allows-incorrect-password/m-p/6806285#M489127 <P>hello,</P><P>&nbsp;</P><P>i created a group called ftpgroup with one user; ftpuser. i set the default shell for ftpuser in /etc/passwd to /usr/bin/false after creating the file /etc/shells.</P><P>&nbsp;</P><P>i set the password using passwd ftpuser.</P><P>&nbsp;</P><P>i typed in the wrong password in a script i have to downfile a file and modify it and i was able to login. after a few login tests i came to realize that only the first 9 characters of the password are being validated. meaning if the first 9 characters are correct i can type in anything else after and it allows me to login.</P><P>&nbsp;</P><P>the password format is xxxx xxxx xxxx but as long as i type in xxxx xxxx im allowed to login. i can type in xxxx xxxxabcdefgh123 and im allowed to login. the password is a 3 word format with spaces in between. why does this occur?</P> Tue, 27 Oct 2015 20:05:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/hpux-ftp-allows-incorrect-password/m-p/6806285#M489127 jesc516 2015-10-27T20:05:22Z https://community.hpe.com/t5/operating-system-hp-ux/hpux-ftp-allows-incorrect-password/m-p/6806366#M489129 <P>&gt; I realized that only the first 9 characters of the password are being validated.&nbsp;</P><P>&nbsp;</P><P>The standard passwords are only up to 8 chars long.&nbsp; Not sure how you got 9?</P><P>&nbsp;</P><P><A href="http://h30499.www3.hp.com/t5/tag/long%20passwords/tg-p" target="_blank">http://h30499.www3.hp.com/t5/tag/long%20passwords/tg-p</A></P><P><A href="http://h30499.www3.hp.com/t5/Security/How-does-one-enable-long-password-on-HP-UX-11-31/m-p/6365595" target="_blank">http://h30499.www3.hp.com/t5/Security/How-does-one-enable-long-password-on-HP-UX-11-31/m-p/6365595</A></P> Wed, 28 Oct 2015 00:58:38 GMT https://community.hpe.com/t5/operating-system-hp-ux/hpux-ftp-allows-incorrect-password/m-p/6806366#M489129 Dennis Handly 2015-10-28T00:58:38Z https://community.hpe.com/t5/operating-system-hp-ux/hpux-ftp-allows-incorrect-password/m-p/6806373#M489130 <P>&gt;&gt; i set the password using passwd ftpuser.</P><P>&nbsp;</P><P>Standard security is hard limited to 8 characters. The passwd command allows you to set any passwd length but silently throws away everything you typed in after the 8th character. Similalrly, when you login with a long password, everything after 8 characters is silently ignored.</P><P>This has been the case for more than 30 years and one of the many reasons to switch to a Trusted System or Shadow Password or other security level for HP-UX.</P> Wed, 28 Oct 2015 01:24:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/hpux-ftp-allows-incorrect-password/m-p/6806373#M489130 Bill Hassell 2015-10-28T01:24:37Z https://community.hpe.com/t5/operating-system-hp-ux/hpux-ftp-allows-incorrect-password/m-p/6806818#M489131 <P>my apologies, i meant starting from the 9 character and forward was basically ignored.</P><P>&nbsp;</P><P>im new to hpux administration but i looking into getting certified.&nbsp; i would like to get more hands on as i mostly deal with the windows servers.</P><P>&nbsp;</P><P>thank you</P> Wed, 28 Oct 2015 16:17:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/hpux-ftp-allows-incorrect-password/m-p/6806818#M489131 jesc516 2015-10-28T16:17:52Z