- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- password encryption
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-20-2013 06:12 AM
06-20-2013 06:12 AM
I was successfull in encrypting the password in v3 using
/usr/sbin/usermod -p $(perl -e"print crypt('user1123','xxxxxxxx')") -F testid19
but -p option is available only in HP-UX 11 i v3.
but i have to change user password in HP-UX 11i v1 and v2.
Is there any option ???
Solved! Go to Solution.
- Tags:
- encryption
- Password
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-20-2013 06:29 AM
06-20-2013 06:29 AM
Re: password encryption
On HP-UX 11.11 and 11.23 try using the /usr/sam/lbin/usermod.sam command.
The syntax is a bit different, but it will still work.
# ./usermod.sam -?
Unrecognized Option '?'
Usage: usermod.sam [-p <passwd> [-u <uid> [-o]] [-g <group> [-G <group>[,<group...> [-d <dir> [-m]] [-s <shell>] [-c <comment>] [-f <inactive>] [-e <expire>] [-l <new logname>] <login>
Where the '-p <passwd>' is the encrypted password. For example:
# /usr/sam/lbin/usermod.sam -p abc123 pwallek
# cat /tcb/files/auth/p/pwallek
pwallek:u_name=pwallek:u_id#122:\
:u_pwd=abc123:\
:u_auditid#48:\
:u_auditflag#1:\
:u_succhg#1364840922:u_suclog#1364840930:u_suctty=pts/ta:u_unsuclog#1364840900:\
:u_unsuctty=pts/ta:u_lock@:chkent:
And notice that my encrypted password is now abc123.
- Tags:
- usermod.sam
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-20-2013 06:37 AM
06-20-2013 06:37 AM
Re: password encryption
HI
I have tried using below and successfull,but i am not sure what is the use of 66 in password.
#export user=testuser
# export pass=testuser66
# /usr/sam/lbin/usermod.sam -p `echo $pass | /usr/lbin/makekey` $user
without using 66 in passowrd, I am not successful..
what is the use of 66 ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-20-2013 06:39 AM
06-20-2013 06:39 AM
Re: password encryption
Hi
/usr/sam/lbin/usermod.sam -p abc123 pwallek
but when i tried above option, the password is not getting encrypted and when i check the status with passwd -s username,still user account is locked.
I am not using trusted system.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-20-2013 06:46 AM
06-20-2013 06:46 AM
Re: password encryption
Hi
#/usr/sam/lbin/usermod.sam -p abc123 testuser
# passwd -s testuser
testuser LK 06/20/13 0 91
password status is still locked.
I am not able to login.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-20-2013 06:59 AM
06-20-2013 06:59 AM
Re: password encryption
In my post above, I said -- Where the '-p <passwd>' is the encrypted password.
You have to pass the encrypted password to the command. This command does NOT encrypt the password for you.
My example with my id was to show that the string passed to the '-p' option would show up EXACTLY the same in the password field which means NO encryption is done.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-20-2013 09:42 PM
06-20-2013 09:42 PM
Re: password encryption
# /usr/sam/lbin/usermod.sam -p `echo ABcd@123466 | /usr/lbin/makekey` testuser
what is the use of 66 in password filed.
when i leave out 66,i am not successful .
and when i use 66 in password field ,i am successful and the password set is ABcd@1234
but 66 is not taken in to password filed.
what is the reason.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-21-2013 12:43 AM
06-21-2013 12:43 AM
Re: password encryption (makekey)
>echo ABcd@123466 | /usr/lbin/makekey
makekey(1) says the first 8 chars are the password and the next two are the salt.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-21-2013 01:26 AM
06-21-2013 01:26 AM
Re: password encryption (makekey)
HI Dennis,
I do read the man page .. Thanks for info.
but My problem is ,, I am trying to change the password by script.
USERNAME=$1
PASSWD=$2
echo "------------------------------------------------------------" >> ${PWD2LOG}
echo "Start : `date +\"%Y/%m/%d %H:%M:%S\"` \n" >> ${PWD2LOG}
WORKDAY=`date +%Y%m%d`
echo "User : ${USERNAME} Pass : ${PASSWD}\n" >> ${PWD2LOG}
#echo $USERNAME
#echo $PASSWD
#sleep 5
if [ "${USERNAME}" != "" ];then
if [ "${PASSWD}" != "" ];then
echo "Crypting the given password" >> ${PWD2LOG}
#/usr/sbin/usermod -p $(perl -e"print crypt('$PASSWD','xxxxxxxx')") -F $USERNAME
/usr/sam/lbin/usermod.sam -p `echo $PASSWDlb | /usr/lbin/makekey` $USERNAME
if [ $? != 0 ];then
echo "\nERROR. PASSWD change faild" >> ${PWD2LOG}
echo "return 1" >> ${PWD2LOG}
RTNCODE=1
echo "`hostname`: ERROR. PASSWD change failed"
else
echo "\n Passwd Set OK." >> ${PWD2LOG}
echo "return 0" >> ${PWD2LOG}
#RTNCODE=0
echo "`hostname`: Passwd Set OK." >> ${PWD2LOG}
RTNCODE=0
#echo "0"
fi
else
echo "\nERROR. PASSWD param not set" >> ${PWD2LOG}
echo "return 1" >> ${PWD2LOG}
RTNCODE=1
echo "`hostname`: ERROR. PASSWD param not set"
fi
else
echo "\nERROR. USER param not set" >> ${PWD2LOG}
echo "return 1" >> ${PWD2LOG}
RTNCODE=1
echo "`hostname`: ERROR. USER param not set"
fi
echo "\n End : `date +\"%Y/%m/%d %H:%M:%S\"`" >> ${PWD2LOG}
echo "------------------------------------------------------------" >> ${PWD2LOG}
exit 0
in /usr/sam/lbin/usermod.sam -p `echo $PASSWDlb | /usr/lbin/makekey` $USERNAME
when I am executing it manually, I am sucessfull and account is able to log in the server.
but when i am trying to use it across script,account is still locked.
since i guess there is some mistake in exporting the password filelds .
any suggestion to fix the issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-21-2013 01:38 AM
06-21-2013 01:38 AM
Re: password encryption
The traditional crypt(3C) Unix password encryption (= what the makekey command does) is technically known as a type of "salted hash".
The "salt" is a value used to modify the encryption process, to make it harder to reverse. The salt should usually be chosen randomly when the password is encrypted for storage.
The crypt(3C) algorithm takes a maximum of 8 characters as a password + 2 characters of salt.
So in your example, the password will be "ABcd@123", the salt will be "46" and the extra "6" at the end will simply be ignored.
(You could have replaced the "66" in your example with just "6" and still would have got the same result. The makekey command wants exactly 10 characters: if it gets less than that, it will fail. If it gets more than that, it gets the first 10 and ignores the rest.)
For each different salt value, the password will be encrypted in a different way. So it will be hard to confirm if someone else has the same password as you by simply comparing the encrypted passwords: if that other person has a different salt value, then the encryption result will be totally different, even if the actual password is the same.
Since the crypt(3C)-style password encryption is not effectively reversible, the password cannot be decrypted for checking. Instead, when the user enters his/her password into the password prompt at login, the user-entered password will also be encrypted, and then the encryption result will be compared with the stored encrypted password. But to make this comparision valid, the user-entered password must be encrypted using the same salt value as the stored password.
To make this possible, the salt must be stored unencrypted: it will be the first two characters in the encrypted password field.
I don't have a HP-UX system available at the moment, so I don't have the "makekey" command. But modern versions of OpenSSL also have a password encryption function, which handles several well-known password algorithms, including crypt(3C):
$ openssl passwd -crypt -salt 46 ABcd@123 46Qtr3Dtgy0u6
I think this is exactly the same as the value you got from the "makekey" command in your example, right?
As you can see, the salt appears unencrypted at the beginning of the encrypted result. This command makes it more obvious, as the salt must be entered using a separate option.
If the -salt option is not used, the "openssl passwd" command will choose the salt value randomly, so the encryption result will be different each time:
$ openssl passwd -crypt ABcd@123 S3oA559In3qHE $ openssl passwd -crypt ABcd@123 4e.6PnvMJGuHo $ openssl passwd -crypt ABcd@123 7S/umCxP4JdhM
- Tags:
- OpenSSL