HPE Community
Operating System - HP-UX
1833815 Members
2396 Online
110063 Solutions
New Discussion

Password Lengths

 
SOLVED
Go to solution
Karen Powers_1
New Member

‎08-19-2003 10:11 AM

‎08-19-2003 10:11 AM

Password Lengths

Hello,
I am trying to find out how to see what the max password length is set to on a trusted HPUX 11 system. I see that it can be up to 40 characters however, when we try to connect to the HP with client software, it will not see more than the first 8 characters.
Thanks!
0 Kudos
Reply
11 REPLIES 11
Pete Randall
Outstanding Contributor

‎08-19-2003 10:14 AM

‎08-19-2003 10:14 AM

Re: Password Lengths

Karen,

This question has come up many times in the forums and the answer is always the same: you are best off if you stick to an 8 character password. Exceeding 8 characters is possible, but the results are generally unfavorable.


Pete


Pete
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎08-19-2003 10:28 AM - last edited on ‎03-11-2025 11:08 PM by

‎08-19-2003 10:28 AM - last edited on ‎03-11-2025 11:08 PM by

Re: Password Lengths

Karen,

Here's an example:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xdd20aaf9f7b2d711abdc0090277a778c,00.html


Pete



[Moderator edit: The above link is no longer valid. ]


Pete
0 Kudos
Reply
Darren Prior
Honored Contributor

‎08-20-2003 01:01 AM

‎08-20-2003 01:01 AM

Solution

Re: Password Lengths

Hi Karen,

As you can see in the thread Pete pointed to it is possible to have far longer passwords on a trusted system than the 8 character limit for non-trusted.

If you attempt to logon from the console you should have no problem with longer passwords (well, other than remembering them!) However, it sounds like your client software isn't suited for use with a trusted system. If it only allows you to type in 8 chars it suggests that it isn't even aware of the trusted system's abilities.

Is your client software a terminal or screen emulator, or is it a separate application? I'd expect an emulator to present a prompt for the password which it sends in return, whereas an application might authenticate itself - in which case it needs to know the difference between the trusted and non-trusted system calls required for authentication.

To summarise: ask the client software vendor if it supports connecting to a trusted system.

regards,

Darren
Calm down. It's only ones and zeros...
Reply
twang
Honored Contributor

‎08-20-2003 01:06 AM

‎08-20-2003 01:06 AM

Re: Password Lengths

On a trusted system, you can set the the minimum lenght of password through parameter in the /etc/default/security:

MIN_PASSWORD_LENGTH = 8
0 Kudos
Reply
Karen Powers_1
New Member

‎08-20-2003 05:36 AM

‎08-20-2003 05:36 AM

Re: Password Lengths

Thanks to everyone for their replies. The client application works on many different platforms and has no character length limitation in the password field. My customer's machine is set up in trusted mode. For what ever reason, on hp only, the HP server only sees the first 8 characters. I am trying to figure out if it is something in our client software that is the problem or if it is something setup incorrectly on the customer's HP machine. Our client application is written in VB.
Thanks again!
Karen
0 Kudos
Reply
Darren Prior
Honored Contributor

‎08-20-2003 05:46 AM

‎08-20-2003 05:46 AM

Re: Password Lengths

Hi Karen,

If you can pick out the section of VB code that is responsible for the initial connection and authenticating, please post it - I may be able to help.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
Nat Guyton
Advisor

‎08-20-2003 06:15 AM

‎08-20-2003 06:15 AM

Re: Password Lengths

First see if simple telnet gives the same problem. If not, it's probably your VB code. If so, it's system-related and don't waste time looking at the VB code until it works with telnet.
Never underestimate the bandwidth of a station wagon filled with backup tapes
Reply
Karen Powers_1
New Member

‎08-20-2003 06:27 PM

‎08-20-2003 06:27 PM

Re: Password Lengths

Thanks Darren,
Here is what I got from the engineer. He says it's a stripped down version of the code but this is basically what it does. He also put his own comments below the code. Thanks again!:

if((shadow_fields = getspnam(mypwent->pw_name)) != NULL)
checkpass = shadow_fields->sp_pwdp;

if (checkpass == NULL)
checkpass = mypwent->pw_passwd;

cryptedpass = crypt(passwdtext, checkpass);
if (strcmp(cryptedpass, checkpass))
{
return(80011);
}

Basically we are using the standard api calls we use for hp systems,
this code has been working since HPUX went to shadow files. We do not
truncate the password before getting here and all the access to the
system goes thou this one piece of code. If they need us to use new or
extended api calls to run on trusted system then we would recommend
using DS 7.0 when it comes out and configuring the security PAM option
for the product this can be made to use standard UNIX login that should,
if HP have done it right, handle the trusted and untrusted cases without
us having to write specific code for trusted systems.

0 Kudos
Reply
Karen Powers_1
New Member

‎08-21-2003 08:42 AM

‎08-21-2003 08:42 AM

Re: Password Lengths

OK, I think now I may have the answer to my own question. We are using crypt. It appears that on a trusted system, we need to use bigcrypt to get the longer passwords. Is this correct?
Thanks!
Karen
0 Kudos
Reply
Darren Prior
Honored Contributor

‎08-21-2003 09:04 AM

‎08-21-2003 09:04 AM

Re: Password Lengths

Hi Karen,

yes - bigcrypt is used on trusted systems. Have you previously only had people using short passwords, as you mentioned that this had been working since shadow passwords came out?

regards,

Darren.
Calm down. It's only ones and zeros...
Reply
Karen Powers_1
New Member

‎08-21-2003 10:21 AM

‎08-21-2003 10:21 AM

Re: Password Lengths

Hi Darren,
Well, the engineer says that but I have been supporting this product for ages and I know this has been an issue for quite some time. We just must not have many customers that use more than 8 characters. No one, up until the other day, really pushed the issue. Thank you very much for all your time!
Regards,
Karen
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.