System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

hpux ftp allows incorrect password

SOLVED
Go to solution
jesc516
Occasional Contributor

hpux ftp allows incorrect password

hello,

 

i created a group called ftpgroup with one user; ftpuser. i set the default shell for ftpuser in /etc/passwd to /usr/bin/false after creating the file /etc/shells.

 

i set the password using passwd ftpuser.

 

i typed in the wrong password in a script i have to downfile a file and modify it and i was able to login. after a few login tests i came to realize that only the first 9 characters of the password are being validated. meaning if the first 9 characters are correct i can type in anything else after and it allows me to login.

 

the password format is xxxx xxxx xxxx but as long as i type in xxxx xxxx im allowed to login. i can type in xxxx xxxxabcdefgh123 and im allowed to login. the password is a 3 word format with spaces in between. why does this occur?

3 REPLIES
Dennis Handly
Acclaimed Contributor
Solution

Re: HP-UX ftp truncates password to 8 chars

> I realized that only the first 9 characters of the password are being validated. 

 

The standard passwords are only up to 8 chars long.  Not sure how you got 9?

 

http://h30499.www3.hp.com/t5/tag/long%20passwords/tg-p

http://h30499.www3.hp.com/t5/Security/How-does-one-enable-long-password-on-HP-UX-11-31/m-p/6365595

Bill Hassell
Honored Contributor

Re: hpux ftp allows incorrect password

>> i set the password using passwd ftpuser.

 

Standard security is hard limited to 8 characters. The passwd command allows you to set any passwd length but silently throws away everything you typed in after the 8th character. Similalrly, when you login with a long password, everything after 8 characters is silently ignored.

This has been the case for more than 30 years and one of the many reasons to switch to a Trusted System or Shadow Password or other security level for HP-UX.



Bill Hassell, sysadmin
jesc516
Occasional Contributor

Re: HP-UX ftp truncates password to 8 chars

my apologies, i meant starting from the 9 character and forward was basically ignored.

 

im new to hpux administration but i looking into getting certified.  i would like to get more hands on as i mostly deal with the windows servers.

 

thank you