Operating System - HP-UX
1839266 Members
3330 Online
110137 Solutions
New Discussion

Re: password in trusted mode.

 
Srimalik
Valued Contributor

password in trusted mode.

Hi,

I had a untrusted system with a password more than 8 chars(I know its of no use in case of untrusted system) say: abcd123456.

from this if I entered only the first eight chars I was able to login.

Now I convert the system to trusted mode and set the password limit to 20 chars.

Now also I see the same behavior I am able to login with abcd1234 as well as abcd123456.

I have not changed the password while converting the system to trusted mode. so the password is still abcd1234 (56 should be ignored as the hash never had this part)

Is this expected?? shouldn't the login fail when I try the password "abcd123456"???
It should only succeed with abcd1234.



-Sri
abandon all hope, ye who enter here..
16 REPLIES 16
Jeeshan
Honored Contributor

Re: password in trusted mode.

Hi Sri

if you want to get benefitted of the trusted system, you may need to reset the password more that 8 characters.
a warrior never quits
Srimalik
Valued Contributor

Re: password in trusted mode.

Thanks for the reply Ahsan

I can always reset the the password to more more than 8 chars.
My doubt is about the behavior of system.

I am writing an app which will behave exacly similar to the login prompt. so I used
crypt to authenticate on a untrusted system and bigcrypt on an untrusted system.

But for the above scenarios the results for my app. and login prompt do not match. :-(

I want to confirm where the behaviour shon by the login program is correct in trusted mode. It allows me to login with two passwords.



abandon all hope, ye who enter here..
Srimalik
Valued Contributor

Re: password in trusted mode.

Found a thered with similar contents but not closure

http://forums11.itrc.hp.com/service/forums/questionanswer.do?admit=109447626+1213594642072+28353475&threadId=1184575
abandon all hope, ye who enter here..
Avinash20
Honored Contributor

Re: password in trusted mode.

Please share the OS version
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Avinash20
Honored Contributor

Re: password in trusted mode.

When passwords on trusted systems are 8 bytes long you can enter a
password longer than 8 bytes and login to the system (as long as the
first 8 bytes match).

This CR asks that only the password entered be used to allow access to
the system if it fully matches the encrypted user password. That is
compare all of the password entered don't truncate it to 8 characters
for password matching.

The fix for 11.11 is delivered through PHCO_35250.
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Avinash20
Honored Contributor

Re: password in trusted mode.

The above is the known issue, and has been fixed with the patch mentioned above.
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Srimalik
Valued Contributor

Re: password in trusted mode.

Thanks Avinash

Is a equivalent patch available for 11.23?

-Sri
abandon all hope, ye who enter here..
Srimalik
Valued Contributor

Re: password in trusted mode.

I could not find it in the patchequilancy table:
http://www12.itrc.hp.com/service/patch/document.do?docId=equiv_data1111

I am running a 11.23 june 2007 release.

-Sri
abandon all hope, ye who enter here..
Avinash20
Honored Contributor

Re: password in trusted mode.

Here it goes

PHCO_35251 libpam_unix cumulative patch
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Avinash20
Honored Contributor

Re: password in trusted mode.

The above is the equivalent patch for 11.23

You could also find the equiv patch by going to patch desc of 11.11 patch and check for the field
Equivalent Patches:
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Avinash20
Honored Contributor

Re: password in trusted mode.

The latest patch available for 11.23 is

PHCO_37070 libpam_unix cumulative patch

Always better to have the latest patch level
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Srimalik
Valued Contributor

Re: password in trusted mode.


I installed PHCO_37076 ( the latest in series) but the problem is still there.

Steps to dulicate

1) untrust the system
2) set password to abcd1234
3) make the system trusted
4) login with abcd1234 ..succeeds <---- OK
5) login with abcd123456 ...succeeeds <---- this should not happen because the password is abc1234 and not abcd123456


One more thing I tried was:

1) do steps 1-3 above
2) change the password to something else..
3) change the password to abcd1234 ( this should bring the system in same state as in step 3 above)

4) login with abcd1234..succeeds <--OK
5) login with abcd123456 ...fails <---I think this is the correct behavior

Is there some other patch to solve this?

-Sri
abandon all hope, ye who enter here..
Avinash20
Honored Contributor

Re: password in trusted mode.

Hmm.. Could you please check if the patch has been installed sucessfully

# swlist -l fileset -a state | grep

This should be configured

>> Let me test this in my lab servers this weekend..
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Avinash20
Honored Contributor

Re: password in trusted mode.

Please attach the
# swlist -l fileset -a state
output

Also I understand that you have installed the patch PHCO_37076 & all its dependencies
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Srimalik
Valued Contributor

Re: password in trusted mode.

I have installed all the dependencies

The output requested is:
bash-3.2# swlist -l patch -a state PHCO_37076
# Initializing...
# Contacting target "habhppa5"...
#
# Target: habhppa5:/
#

# PHCO_37076
# PHCO_37076.CORE-ENG-A-MAN configured
# PHCO_37076.CORE2-64SLIB configured
# PHCO_37076.CORE2-SHLIBS configured
bash-3.2# swverify PHCO_37076

======= 06/17/08 03:31:06 MDT BEGIN swverify SESSION
(non-interactive) (jobid=habhppa5-0036)

* Session started for user "root@habhppa5".

* Beginning Selection
* Target connection succeeded for "habhppa5:/".
* Software selections:
+ Networking.NET2-KRN,l=/,r=B.11.23,a=HP-UX_B.11.23_IA/PA,v=HP,fr=B.11.23,fa=HP-UX_B.11.23_PA
+ OS-Core.C-KRN,l=/,r=B.11.23,a=HP-UX_B.11.23_IA/PA,v=HP,fr=B.11.23,fa=HP-UX_B.11.23_PA
+ OS-Core.CORE-KRN,l=/,r=B.11.23,a=HP-UX_B.11.23_IA/PA,v=HP,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA
+ OS-Core.CORE2-KRN,l=/,r=B.11.23,a=HP-UX_B.11.23_IA/PA,v=HP,fr=B.11.23,fa=HP-UX_B.11.23_PA
+ OS-Core.KERN-RUN,l=/,r=B.11.23,a=HP-UX_B.11.23_IA/PA,v=HP,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA
+ OS-Core.KERN2-RUN,l=/,r=B.11.23,a=HP-UX_B.11.23_IA/PA,v=HP,fr=B.11.23,fa=HP-UX_B.11.23_PA
+ PHCO_31607.SECURITY2,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_31616.UX2-CORE,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_31618.CORE2-64SLIB,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_31618.CORE2-SHLIBS,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_31621.CORE2-64SLIB,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_31621.CORE2-SHLIBS,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_32146.CORE2-64SLIB,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_32146.CORE2-SHLIBS,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_32146.UX2-CORE,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_35048.CORE2-64SLIB,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_35048.CORE2-SHLIBS,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_35048.PROG-MIN,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_35048.PROG-MN-64ALIB,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_36742.CORE-SHLIBS,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_IA/PA
+ PHCO_36742.CORE2-64SLIB,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHCO_36742.CORE2-SHLIBS,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
PHCO_37076.CORE-ENG-A-MAN,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_IA/PA
PHCO_37076.CORE2-64SLIB,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
PHCO_37076.CORE2-SHLIBS,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ PHKL_31500.CORE2-KRN,l=/,r=1.0,a=HP-UX_B.11.23_IA/PA,v=HP,fr=1.0,fa=HP-UX_B.11.23_PA
+ UserLicense.UNL-USER,l=/,r=B.11.23,a=HP-UX_B.11.23_IA/PA,v=HP,fr=B.11.23,fa=HP-UX_B.11.23_PA
* A "+" indicates an automatic selection due to dependency or
the automatic selection of a patch or reference bundle.
* Selection succeeded.


* Beginning Analysis
* Session selections have been saved in the file
"/.sw/sessions/swverify.last".
* The analysis phase succeeded for "habhppa5:/".
* Verification succeeded.


NOTE: More information may be found in the agent logfile using the
command "swjob -a log habhppa5-0036 @ habhppa5:/".

======= 06/17/08 03:31:13 MDT END swverify SESSION (non-interactive)
(jobid=habhppa5-0036)

bash-3.2#
abandon all hope, ye who enter here..
Srimalik
Valued Contributor

Re: password in trusted mode.

Closing this.
Will use the workaround if needed.
abandon all hope, ye who enter here..