password in trusted mode.

Srimalik · ‎06-16-2008

Hi,

I had a untrusted system with a password more than 8 chars(I know its of no use in case of untrusted system) say: abcd123456.

from this if I entered only the first eight chars I was able to login.

Now I convert the system to trusted mode and set the password limit to 20 chars.

Now also I see the same behavior I am able to login with abcd1234 as well as abcd123456.

I have not changed the password while converting the system to trusted mode. so the password is still abcd1234 (56 should be ignored as the hash never had this part)

Is this expected?? shouldn't the login fail when I try the password "abcd123456"???
It should only succeed with abcd1234.

-Sri

abandon all hope, ye who enter here..

Jeeshan · ‎06-16-2008

Hi Sri

if you want to get benefitted of the trusted system, you may need to reset the password more that 8 characters.

a warrior never quits

Srimalik · ‎06-16-2008

Thanks for the reply Ahsan

I can always reset the the password to more more than 8 chars.
My doubt is about the behavior of system.

I am writing an app which will behave exacly similar to the login prompt. so I used
crypt to authenticate on a untrusted system and bigcrypt on an untrusted system.

But for the above scenarios the results for my app. and login prompt do not match. :-(

I want to confirm where the behaviour shon by the login program is correct in trusted mode. It allows me to login with two passwords.

abandon all hope, ye who enter here..

Srimalik · ‎06-16-2008

Found a thered with similar contents but not closure

http://forums11.itrc.hp.com/service/forums/questionanswer.do?admit=109447626+1213594642072+28353475&threadId=1184575

abandon all hope, ye who enter here..

Avinash20 · ‎06-16-2008

Please share the OS version

"Light travels faster than sound. That's why some people appear bright until you hear them speak."

Avinash20 · ‎06-16-2008

When passwords on trusted systems are 8 bytes long you can enter a
password longer than 8 bytes and login to the system (as long as the
first 8 bytes match).

This CR asks that only the password entered be used to allow access to
the system if it fully matches the encrypted user password. That is
compare all of the password entered don't truncate it to 8 characters
for password matching.

The fix for 11.11 is delivered through PHCO_35250.

"Light travels faster than sound. That's why some people appear bright until you hear them speak."

Avinash20 · ‎06-16-2008

The above is the known issue, and has been fixed with the patch mentioned above.

"Light travels faster than sound. That's why some people appear bright until you hear them speak."

Srimalik · ‎06-16-2008

Thanks Avinash

Is a equivalent patch available for 11.23?

-Sri

abandon all hope, ye who enter here..

Srimalik · ‎06-16-2008

I could not find it in the patchequilancy table:
http://www12.itrc.hp.com/service/patch/document.do?docId=equiv_data1111

I am running a 11.23 june 2007 release.

-Sri

abandon all hope, ye who enter here..

Avinash20 · ‎06-16-2008

Here it goes

PHCO_35251 libpam_unix cumulative patch

"Light travels faster than sound. That's why some people appear bright until you hear them speak."

Avinash20 · ‎06-16-2008

The above is the equivalent patch for 11.23

You could also find the equiv patch by going to patch desc of 11.11 patch and check for the field
Equivalent Patches:

"Light travels faster than sound. That's why some people appear bright until you hear them speak."

Avinash20 · ‎06-16-2008

The latest patch available for 11.23 is

PHCO_37070 libpam_unix cumulative patch

Always better to have the latest patch level

"Light travels faster than sound. That's why some people appear bright until you hear them speak."

Srimalik · ‎06-16-2008

I installed PHCO_37076 ( the latest in series) but the problem is still there.

Steps to dulicate

1) untrust the system
2) set password to abcd1234
3) make the system trusted
4) login with abcd1234 ..succeeds <---- OK
5) login with abcd123456 ...succeeeds <---- this should not happen because the password is abc1234 and not abcd123456

One more thing I tried was:

1) do steps 1-3 above
2) change the password to something else..
3) change the password to abcd1234 ( this should bring the system in same state as in step 3 above)

4) login with abcd1234..succeeds <--OK
5) login with abcd123456 ...fails <---I think this is the correct behavior

Is there some other patch to solve this?

-Sri

abandon all hope, ye who enter here..

Avinash20 · ‎06-16-2008

Hmm.. Could you please check if the patch has been installed sucessfully

# swlist -l fileset -a state | grep

This should be configured

>> Let me test this in my lab servers this weekend..

"Light travels faster than sound. That's why some people appear bright until you hear them speak."

Avinash20 · ‎06-16-2008

Please attach the
# swlist -l fileset -a state
output

Also I understand that you have installed the patch PHCO_37076 & all its dependencies

"Light travels faster than sound. That's why some people appear bright until you hear them speak."

Srimalik · ‎06-16-2008

I have installed all the dependencies

The output requested is:
bash-3.2# swlist -l patch -a state PHCO_37076
# Initializing...
# Contacting target "habhppa5"...
#
# Target: habhppa5:/
#

# PHCO_37076
# PHCO_37076.CORE-ENG-A-MAN configured
# PHCO_37076.CORE2-64SLIB configured
# PHCO_37076.CORE2-SHLIBS configured
bash-3.2# swverify PHCO_37076

======= 06/17/08 03:31:06 MDT BEGIN swverify SESSION
(non-interactive) (jobid=habhppa5-0036)

* Session started for user "root@habhppa5".

* Beginning Selection
* Target connection succeeded for "habhppa5:/".
* Software selections:
+ Networking.NET2-KRN,l=/,r=B.11.23,a=HP-UX_B.11.23_IA/PA,v=HP,fr=B.11.23,fa=HP-UX_B.11.23_PA
+ OS-Core.C-KRN,l=/,r=B.11.23,a=HP-UX_B.11.23_IA/PA,v=HP,fr=B.11.23,fa=HP-UX_B.11.23_PA
+ OS-Core.CORE-KRN,l=/,r=B.11.23,a=HP-UX_B.11.23_IA/PA,v=HP,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA
+ OS-Core.CORE2-KRN,l=/,r=B.11.23,a=HP-UX_B.11.23_IA/PA,v=HP,fr=B.11.23,fa=HP-UX_B.11.23_PA
+ OS-Core.KERN-RUN,l=/,r=B.11.23,a=HP-UX_B.11.23_IA/PA,v=HP,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA
+ OS-Core.KERN2-RUN,l=/,r=B.11.23,a=HP-UX_B.11.23_IA/PA,v=HP,fr=B.11.23,fa=HP-UX_B.11.23_PA
+ PHCO_31607.SECURITY2,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_31616.UX2-CORE,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_31618.CORE2-64SLIB,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_31618.CORE2-SHLIBS,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_31621.CORE2-64SLIB,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_31621.CORE2-SHLIBS,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_32146.CORE2-64SLIB,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_32146.CORE2-SHLIBS,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_32146.UX2-CORE,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_35048.CORE2-64SLIB,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_35048.CORE2-SHLIBS,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_35048.PROG-MIN,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_35048.PROG-MN-64ALIB,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_36742.CORE-SHLIBS,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_IA/PA
+ PHCO_36742.CORE2-64SLIB,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_36742.CORE2-SHLIBS,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
PHCO_37076.CORE-ENG-A-MAN,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_IA/PA
PHCO_37076.CORE2-64SLIB,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
PHCO_37076.CORE2-SHLIBS,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHKL_31500.CORE2-KRN,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ UserLicense.UNL-USER,l=/,r=B.11.23,a=HP-UX_B.11.23_IA/PA,v=HP,fr=B.11.23,fa=HP-UX_B.11.23_PA
* A "+" indicates an automatic selection due to dependency or
the automatic selection of a patch or reference bundle.
* Selection succeeded.

* Beginning Analysis
* Session selections have been saved in the file
"/.sw/sessions/swverify.last".
* The analysis phase succeeded for "habhppa5:/".
* Verification succeeded.

NOTE: More information may be found in the agent logfile using the
command "swjob -a log habhppa5-0036 @ habhppa5:/".

======= 06/17/08 03:31:13 MDT END swverify SESSION (non-interactive)
(jobid=habhppa5-0036)

bash-3.2#

abandon all hope, ye who enter here..

Srimalik · ‎06-26-2008

Closing this.
Will use the workaround if needed.

abandon all hope, ye who enter here..

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

password in trusted mode.

password in trusted mode.

Re: password in trusted mode.

Re: password in trusted mode.

Re: password in trusted mode.

Re: password in trusted mode.

Re: password in trusted mode.

Re: password in trusted mode.

Re: password in trusted mode.

Re: password in trusted mode.

Re: password in trusted mode.

Re: password in trusted mode.

Re: password in trusted mode.

Re: password in trusted mode.

Re: password in trusted mode.

Re: password in trusted mode.

Re: password in trusted mode.

Re: password in trusted mode.