HPE Community
Operating System - HP-UX
1833053 Members
2329 Online
110049 Solutions
New Discussion

CDE login on trusted system fails for long passwords

 
SOLVED
Go to solution
Michael D'Aulerio
Regular Advisor

‎02-04-2004 04:37 AM

‎02-04-2004 04:37 AM

CDE login on trusted system fails for long passwords

Hello,

I have a trusted system running HP-UX 10.20 and have stumbled upon a curious problem. The system runs CDE and uses the X display manager login. There is no problem logging in as long as the user password is 8 characters or less. If a user changes his password to one with more than 8 characters, he can no longer login via XDM. The regular login command (or rlogin, telnet, etc.) and the su command will accept the longer password. The system does not use NIS passwords.

I checked the encrypted password in the trusted data base file (/tcb/files/auth/s/sysadmin) and the encrypted password that is generated is longer than that generated for shorter passwords. I think what is happening is that the X login only uses the first 8 characters of the user password to generate the encrypted password so it doesn't match the one in the trusted database.

Anyone out there run into something like this or has any ideas what to do?
Thanks.
Email: michael.n.daulerio@lmco.com
0 Kudos
Reply
5 REPLIES 5
RAC_1
Honored Contributor

‎02-04-2004 05:19 AM

‎02-04-2004 05:19 AM

Re: CDE login on trusted system fails for long passwords

what is the setting for maxpwln parameter?

user getprdef to check that. Set it to 10 or so and try logging in. Also should be able to login with 8 chars of the password on CDE.
There is no substitute to HARDWORK
0 Kudos
Reply
Darren Prior
Honored Contributor

‎02-04-2004 11:12 PM

‎02-04-2004 11:12 PM

Solution

Re: CDE login on trusted system fails for long passwords

Hi,

I've posted a response to your other thread - which doesn't mention that it's 10.20.

Have you fully patched the system? 10.20 had a number of patches that were essential for trusted systems.

regards,

Darren.
Calm down. It's only ones and zeros...
Reply
Michael D'Aulerio
Regular Advisor

‎02-06-2004 05:01 AM

‎02-06-2004 05:01 AM

Re: CDE login on trusted system fails for long passwords

Darren,

Thank you for all your help. The CDE login on my trusted HP-UX 10.20 system does not seem to recognize passwords longer than 8 characters no matter what I try. We cannot run 11.0 (for reasons too numerous to get into). I searched the patch database, the technical documentation and the forum database. I could not find anything that talked about the CDE login and password length. I found one patch that let you change the minimum allowable password length but nothing about max length.
Any other ideas?
Email: michael.n.daulerio@lmco.com
0 Kudos
Reply
Darren Prior
Honored Contributor

‎02-06-2004 05:42 AM

‎02-06-2004 05:42 AM

Re: CDE login on trusted system fails for long passwords

Hi Michael,

I don't believe that there's a way of limiting the password length for user generated passwords. There is a relationship between the encrypted password length and the plaintext password, so potentially you could test this further and have a script that compares your user encrypted passwords and notifying you of any that are above a certain length. It's certainly not a particularly nice thing to do though, I mention it purely out of interest rather than as a solution!

For 10.20 the following patches are essential (imho). Some of these are only necessary if you use SAM, others are required to make tsconvert work:

PHCO_8246
PHCO_8247
PHCO_12236
PHCO_17218
PHCO_25591
PHCO_27422

Also PHSS_26788 - mentions that vuelock only looks at first 8 chars of a passwd. I know little about CDE/VUE (other than the using it part!) but this could be relevant - please read the patch text file.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
Michael D'Aulerio
Regular Advisor

‎02-06-2004 06:27 AM

‎02-06-2004 06:27 AM

Re: CDE login on trusted system fails for long passwords

Thanks for all the help. I will check the patches you suggest.
Email: michael.n.daulerio@lmco.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.