Hewlett Packard Enterprise Community
Help
cancel
Turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

hpux ftp allows incorrect password

SOLVED
Go to solution
jesc516
Occasional Contributor
‎10-27-2015 01:05 PM
‎10-27-2015 01:05 PM
Solved!

hpux ftp allows incorrect password

hello,

 

i created a group called ftpgroup with one user; ftpuser. i set the default shell for ftpuser in /etc/passwd to /usr/bin/false after creating the file /etc/shells.

 

i set the password using passwd ftpuser.

 

i typed in the wrong password in a script i have to downfile a file and modify it and i was able to login. after a few login tests i came to realize that only the first 9 characters of the password are being validated. meaning if the first 9 characters are correct i can type in anything else after and it allows me to login.

 

the password format is xxxx xxxx xxxx but as long as i type in xxxx xxxx im allowed to login. i can type in xxxx xxxxabcdefgh123 and im allowed to login. the password is a 3 word format with spaces in between. why does this occur?

Tags (1)
0 Kudos
Reply
3 REPLIES 3
Dennis Handly
Acclaimed Contributor
‎10-27-2015 05:58 PM
‎10-27-2015 05:58 PM
Solution

Re: HP-UX ftp truncates password to 8 chars

Message contains a hyperlink

> I realized that only the first 9 characters of the password are being validated. 

 

The standard passwords are only up to 8 chars long.  Not sure how you got 9?

 

http://h30499.www3.hp.com/t5/tag/long%20passwords/tg-p

http://h30499.www3.hp.com/t5/Security/How-does-one-enable-long-password-on-HP-UX-11-31/m-p/6365595

0 Kudos
Reply
Bill Hassell
Honored Contributor
‎10-27-2015 06:24 PM
‎10-27-2015 06:24 PM

Re: hpux ftp allows incorrect password

>> i set the password using passwd ftpuser.

 

Standard security is hard limited to 8 characters. The passwd command allows you to set any passwd length but silently throws away everything you typed in after the 8th character. Similalrly, when you login with a long password, everything after 8 characters is silently ignored.

This has been the case for more than 30 years and one of the many reasons to switch to a Trusted System or Shadow Password or other security level for HP-UX.



Bill Hassell, sysadmin
0 Kudos
Reply
jesc516
Occasional Contributor
‎10-28-2015 09:17 AM
‎10-28-2015 09:17 AM

Re: HP-UX ftp truncates password to 8 chars

my apologies, i meant starting from the 9 character and forward was basically ignored.

 

im new to hpux administration but i looking into getting certified.  i would like to get more hands on as i mostly deal with the windows servers.

 

thank you

0 Kudos
Reply