System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

11.31 Long Passwd Issue MIN_PASSWD_LENGTH > 8

 
JD White
Advisor

11.31 Long Passwd Issue MIN_PASSWD_LENGTH > 8

The system is being loaded with security extentions and not as a trusted system.

If I expire a user's passwd "passwd -f username"
Then have the user login and change their password I get the following:

Password:
Changing password for "username"
Old password:
New password:
Password too short - must be at least 15 characters
New password:
Password too short - must be at least 15 characters
New password:

(I know the long password I'm using is good because I use it with a 11.23 trusted system which also requires 15 character passwds.)

I Have loaded LongPass11i3 and PHI11i3 and have verified them. Have also made the changes to the /etc/defauld/security required by the load instructions. (See Below) Have run a "cat -v" on the security file to make sure no special char are in it. (We have this issue on 4 machines.)

Entries in /etc/defauld/security

ALLOW_NULL_PASSWORD=0
AUDIT_FLAG=1
AUTH_MAXTRIES=3
DISPLAY_LAST_LOGIN=1
INACTIVITY_MAXDAYS=30
BOOT_AUTH=1
BOOT_USERS=(left out for secuity reasons)
MIN_PASSWORD_LENGTH=15
NUMBER_OF_LOGINS_ALLOWED=5
PASSWORD_HISTORY_DEPTH=10
PASSWORD_MIN_UPPER_CASE_CHARS=2
PASSWORD_MIN_LOWER_CASE_CHARS=2
PASSWORD_MIN_DIGIT_CHARS=2
PASSWORD_MIN_SPECIAL_CHARS=2
PASSWORD_MAXDAYS=60
PASSWORD_MINDAYS=30
PASSWORD_WARNDAYS=14
SU_ROOT_GROUP=(left out for secuity reasons)
UMASK=022
CRYPT_DEFAULT=6
CRYPT_ALGORITHMS_DEPRECATE=__unix__
LONG_PASSWORD=1

I have tried setting the allowed password lenght to 9, 10, ect up to 15 and none of the options will work. However, it does work if I go back to 8.

Does anyone know why it will not all the user to update their password to one longer than 8?

I'm hoping I'm doing something wrong and its not broken becasue we have several time sensitive projects we can not move forward on until 11.31 is up and running.

Thanks
JD
10 REPLIES
Steven E. Protter
Exalted Contributor

Re: 11.31 Long Passwd Issue MIN_PASSWD_LENGTH > 8

Shalom,

You may still be missing a patch for 11.31 HP-UX.

That is the most common cause of this problem.

What is the most recent QPK installed? Also recommend if you have a support contract, searching the patch database.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
VK2COT
Honored Contributor

Re: 11.31 Long Passwd Issue MIN_PASSWD_LENGTH > 8

Hello,

Are you using Shadow passwords?
What do these commands report:

# passwd -sa

# userdbget -a

Cheers,

VK2COT
VK2COT - Dusan Baljevic
Hakki Aydin Ucar
Honored Contributor

Re: 11.31 Long Passwd Issue MIN_PASSWD_LENGTH > 8

Hi,
If you set this,
MIN_PASSWORD_LENGTH=9

then you attempt with a 8 char long password, does it ask ;Password too short - must be at least 9 characters
JD White
Advisor

Re: 11.31 Long Passwd Issue MIN_PASSWD_LENGTH > 8

Steven:

I loaded the September version and just tried to reload it to make sure & there were no missing packages when the analysis finished the Status was "All software skipped."

VK2COT:

passwd -sa: Returned all user names with PS or the any setting that was set to something other than the defaults in /etc/default/security

userdbget -a returned the one user we have that has DISPLAY_LAST_LOGIN=1
set to 0.


Hakki:

I picked a user and as root I reset his passwd to 15 characters.

I then executed "passwd -f username"

I can login with the 15 character password with no problem.

However, I can also login with the first 8 characters of the 15 character password.

Either way it asks me for for my old passwd then my new one. If I try to reset the passwd to a new one with 8,9,10---20 character passwd I get the same message telling me the password must be "at least 15 characters."
Earl_Crowder
Trusted Contributor

Re: 11.31 Long Passwd Issue MIN_PASSWD_LENGTH > 8

JD,

Make sure you're using shadow passwords. Have you run pwconv? Does /etc/shadow exist?

Earl
JD White
Advisor

Re: 11.31 Long Passwd Issue MIN_PASSWD_LENGTH > 8

Earl,

Shadow is active. Got "x" in the password entries and /etc/shadow hash is being updated whenever I update a passwd.
Earl_Crowder
Trusted Contributor

Re: 11.31 Long Passwd Issue MIN_PASSWD_LENGTH > 8

JD,

have you rebooted? If not, try killing pwgrd and restarting it using "/sbin/init.d/pwgrd start".

My box exhibited the same problem until i restarted that daemon.

Earl
JD White
Advisor

Re: 11.31 Long Passwd Issue MIN_PASSWD_LENGTH > 8

Earl

Yes I have rebooted and just to make sure I ran a "/sbin/init.d/pwgrd stop
then "/sbin/init.d/pwgrd start

And the issue still exists.

This appears to be something with my load and not a configuration problem so I've opened a ticket with HP.

If they get it fixed I'll post the problem and solution. In the mean time if anyone has a idea please send it my way.

Thanks

JD
JD White
Advisor

Re: 11.31 Long Passwd Issue MIN_PASSWD_LENGTH > 8

The problem was with the sequence we loaded the depots. Even though these depots are available during the initial load from the release media.

PHI11i3_B.11.31.02.depot

NumericUser_B.11.31.0809.03_HP-UX_B.11.31_IA_PA

LongPass11i3web0911.depot

I you want it to work you can not load them until after you have run "pwconv".

You also have to make sure you load PHI11i3 before LongPass11i3.

Good luck and thank to Roxanne on the help desk for leading me to the light. :-)
JD White
Advisor

Re: 11.31 Long Passwd Issue MIN_PASSWD_LENGTH > 8

Solved See my post above.