HPE Community
Operating System - HP-UX
1831936 Members
3288 Online
110032 Solutions
New Discussion

ftp truncates password

 
Tony Scully_2
Valued Contributor

‎12-04-2007 06:47 AM

‎12-04-2007 06:47 AM

ftp truncates password

Bit of an odd one -- I have applied some patches to an HP-UX 11.00 server, and since then the ftp client on the server is passing the full password string to the server. Now what's wrong with that you might (reasonably) ask... well before the patches it apparently only sent the first 8 characters of the password, and as usual the users don't like 'change'.

Has anyone seen this before? The patches I applied were:

PHCO_36096
PHKL_35993
PHNE_35483
PHNE_35729
PHSS_34686
PHSS_34834
PHSS_35380


I can't find anything obvious in th patch description of these.

Any ideas?

Cheers,
Tony
You CAN do that on HP
0 Kudos
Reply
5 REPLIES 5
F Verschuren
Esteemed Contributor

‎12-04-2007 06:51 AM

‎12-04-2007 06:51 AM

Re: ftp truncates password

looks likes in the past the pam athenticion was used differend,

to use 8 again ( for all passwd)
sam
Auditing and Security
System Security Policies

Password Format Policies...
Maximum Password Length: 8
done

be aware you have to have the tcb files working.
0 Kudos
Reply
Tony Scully_2
Valued Contributor

‎12-04-2007 07:02 AM

‎12-04-2007 07:02 AM

Re: ftp truncates password

Thanks for the reply -- I did at first think it might be PAM related, maybe I've not been clear about what happens:


On the server side (HP-UX 11.11) tcb is on, passwd length is 8.

A user has a passwd 8 chars in length.

From hpux 11.00 box he ftps to the server above.

Before I patched, he could type in the 8 characters of the passwd, plus any additional characters and still get in.

Now, he has to type the exact passwd, no additional chars.

Are you saying that previously PAM was dropping the additional chars and now it's not? I did also patch the server side (with many patches) so maybe I should be looking at these for a PAM patch?

Cheers,
Tony
You CAN do that on HP
0 Kudos
Reply
F Verschuren
Esteemed Contributor

‎12-04-2007 07:53 AM

‎12-04-2007 07:53 AM

Re: ftp truncates password

does other meganisses still drop the rest?
like telnet?
0 Kudos
Reply
Tony Scully_2
Valued Contributor

‎12-04-2007 08:34 AM

‎12-04-2007 08:34 AM

Re: ftp truncates password

Telnet works correctly, so I think you must be right, that it's a PAM change on the server side.

Do you have any more details -- I did install the libpam patch PHCO_35250 on the server side, but there's no real detail of any changes to authenication in the patch notes.

Thanks,
Tony
You CAN do that on HP
0 Kudos
Reply
F Verschuren
Esteemed Contributor

‎12-04-2007 01:19 PM

‎12-04-2007 01:19 PM

Re: ftp truncates password

I do not know about patches,
can you please check:
Auditing and Security
Authenticated Commands
User Authentication

and checks if it has the same settings as a working protocol?


ps can you alsow check the patch status:


swlist -l patch -a state and check if all is configured
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.