- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- hpux ftp allows incorrect password
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-27-2015 01:05 PM
10-27-2015 01:05 PM
hello,
i created a group called ftpgroup with one user; ftpuser. i set the default shell for ftpuser in /etc/passwd to /usr/bin/false after creating the file /etc/shells.
i set the password using passwd ftpuser.
i typed in the wrong password in a script i have to downfile a file and modify it and i was able to login. after a few login tests i came to realize that only the first 9 characters of the password are being validated. meaning if the first 9 characters are correct i can type in anything else after and it allows me to login.
the password format is xxxx xxxx xxxx but as long as i type in xxxx xxxx im allowed to login. i can type in xxxx xxxxabcdefgh123 and im allowed to login. the password is a 3 word format with spaces in between. why does this occur?
Solved! Go to Solution.
- Tags:
- long passwords
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-27-2015 05:58 PM
10-27-2015 05:58 PM
Solution> I realized that only the first 9 characters of the password are being validated.
The standard passwords are only up to 8 chars long. Not sure how you got 9?
http://h30499.www3.hp.com/t5/tag/long%20passwords/tg-p
http://h30499.www3.hp.com/t5/Security/How-does-one-enable-long-password-on-HP-UX-11-31/m-p/6365595
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-27-2015 06:24 PM
10-27-2015 06:24 PM
Re: hpux ftp allows incorrect password
>> i set the password using passwd ftpuser.
Standard security is hard limited to 8 characters. The passwd command allows you to set any passwd length but silently throws away everything you typed in after the 8th character. Similalrly, when you login with a long password, everything after 8 characters is silently ignored.
This has been the case for more than 30 years and one of the many reasons to switch to a Trusted System or Shadow Password or other security level for HP-UX.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-28-2015 09:17 AM
10-28-2015 09:17 AM
Re: HP-UX ftp truncates password to 8 chars
my apologies, i meant starting from the 9 character and forward was basically ignored.
im new to hpux administration but i looking into getting certified. i would like to get more hands on as i mostly deal with the windows servers.
thank you