Re: maximum password length error from tcb when user changes password

Steve Blackwell · ‎08-16-2006

All,

I have a rp7410 running 11.11, which is trusted and uses a tcb database.

When a user goes to change his password he gets the following error and the password change does not stick.

ERROR: Failed to update USER huggemr
Password's length exceeds the maximum length defined in tcb

Below is the output from getprpw for that user.

uid=1204, bootpw=NO, audid=24, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Fri Jul 21 18:27:16 2006, upwchg=-1, acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Thu Aug 17 09:27:06 2006, ulogint=Wed Aug 16 12:00:42 2006, sloginy=pts/tq, culogin=-1, uloginy=pts/to, umaxlntr=-1, alock=NO, lockout=0000000

Does anyone have any idea's what the problem is?

Cheers

Steve

Pete Randall · ‎08-16-2006

Steve,

How long a password are they trying to enter? According to the man page:

"Passwords can be greater than eight characters, but it is recommended that they be less than 40 characters. System warnings are displayed if passwords lengths are either too long or short. The system administrator can specify a maximum password length guideline for the system generated options (random syllables, random characters, and random letters). The actual maximum password length depends upon several parameters in the authentication database and in the algorithm."

Pete

Pete

Peter Godron · ‎08-16-2006

Steve,
check:
/tcb/files/auth/system/default
and
/tcb/files/auth/h/huggemr

I think the -1 value for maxpwln means 'undefined'

Jaime Bolanos Rojas. · ‎08-16-2006

Steve,

You might want to modify your setting with this command modprdef

Also take a look at this thread for more info:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=990550&admit=-682735245+1155814780993+28353475

Regards,

Jaime.

Work hard when the need comes out.

Steve Blackwell · ‎08-17-2006

All,

I have been doing some testing and it seems the problem is with the parameter u_maxlen in the /tcb/files/auth/system/default file.

As I understand it this parameter relates to the system generated passwords and not the user defined password.

But anyway if I set the value of this parameter to anything above 8 then the error message goes away and the user can set his password.

Cheers

Steve

Steven E. Protter · ‎08-17-2006

Shalom,

Perhaps a conflict with /etc/default/security

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

John Kittel · ‎08-17-2006

FWIW: I think you have mostly solved your own mystery. You're almost correct about u_maxlen. Your users won't be able to set passwords longer than this value. But see man prpwd for explanation of u_maxlen. The way I read it, it is max length of passwords, regardless of how generated, not (just) of system generated passwords. What caused you to think it was only for system generated passwords?

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: maximum password length error from tcb when user changes password

maximum password length error from tcb when user changes password