topic Re: Illegal password characters in Operating System - HP-UX

Illegal password characters

David Rodman — Thu, 10 Aug 2000 10:08:57 GMT

After much pain, I have discovered the @ character is a bad one to use in your
passwords (esp for root :^) Knowledge base says the # character is also forbidden,
atleast it was for hpux 10.20.
Does any one have a complete list of characters that should not be used?
HP tech support might like this too.

Symptoms:
Causes login to be rejected, but user may still use su and passwd successfully.
hpux 11.00

Re: Illegal password characters

Andreas Voss — Thu, 10 Aug 2000 10:19:20 GMT

Hi,

these characters are forbidden for passwords:
#, @, /, !, _, backspace, ^U, ^D, or &
See man getty

Regards

Andrew

Re: Illegal password characters

John Palmer — Thu, 10 Aug 2000 10:21:38 GMT

I agree that login is not too clever on HP-UX (compared to some other flavours of UNIX).

@ is interpreted as 'kill the current string and start again' for username and password.

# is interpreted as 'delete the last character' (it ought to be delete or backspace).

The only place that I've seen this documented together with a list of other 'interesting' characters is man getty.

Regards,

John

Re: Illegal password characters

James R. Ferguson — Thu, 10 Aug 2000 11:31:13 GMT

David:

In addition to the man pages for getty, the introduction pages of the HP-UX Reference manual (paper man pages) volume-1 has a section entitled "Erase, Ill, and Output Stop/Resume Characters" noting the affect of '@' and '#' in particular. These are quite useful when you bungle your login and know it!!!

...JRF...

Re: Illegal password characters

Bill Hassell — Thu, 10 Aug 2000 13:21:43 GMT

Newbies to Unix may not know what tty means (go to a museum and ask to see a Teletype machine). Hardcopy devices simply can't backspace in a meaningful manner so "back in the good old days" (tm), the 'hash' or pound character was picked as an erase character. This character was chosen because it looks a lot like the rubout character on a paper tape (I said this was a long time ago).

So when you login, the # character is the backspace character. That's why when you make a mistake at login for either user name or password, the backspace doesn't seem to work. In reality, the backspace key is being seen as just another character, but the # character will erase the previous character in the buffer (give it a try).

That's why you (should) see the stty setting in /etc/profile.

Re: Illegal password characters

David Rodman — Mon, 14 Aug 2000 16:19:47 GMT

Thanks for all the great input, I do object to being called a "newbie", but then again I am younger than the teletype so guess its not so bad.