Password problems

 
Matt Rieman
Contributor

Password problems

Hi,

After converting our HP-UX 11.00 system to a Trusted System, and having our users change their passwords, the system allows users with more complex passwords (for example, J0shu@T@y10r) to only log in once. When they log off, then try to log back on, they get an "incorrect login" error message.

When I reset their password to something more simple (for example, eaton1) it works fine. We are using the default password and account security settings. What is causing this? Any help would be greatly appreciated.

Thanks,

Matt
5 REPLIES
Steven E. Protter
Exalted Contributor

Re: Password problems

There are still certain special characters that should not be used in passwords. Tell the users to stop doing that.

Also as a backup if the long password doesn't work, try the first 8 characters.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Matt Rieman
Contributor

Re: Password problems

Thanks, any idea exactly which characters shouldn't be used, or where I can get a list?
James R. Ferguson
Acclaimed Contributor

Re: Password problems

Hi Matt:

The characters to avoid are those listed in the 'getty' man pages, notably:

#, @, /, !, _, backspace, ^U, ^D, or &

Regards!

...JRF...
Martin Johnson
Honored Contributor

Re: Password problems

There are at least 2 special characters that I know of that should not be used in a password:

# = Erases the previous character
@ = Erases the whole line

There may be others, but I know of these 2.

HTH
Marty
Jeff Schussele
Honored Contributor

Re: Password problems

Hi Matt,

Well for sure any chars that have meaning to the tty driver - such as @ # \ ^ etc.

If you do an
stty -a
you'll see what chars have special meaning to tty. Definitely don't use those even though they may be chars as some term definitions don't use the - just the char.

Also look at /tcb/files/auth/system/default file & note the entry for u_maxlen (default is 10) or go into SAM -> Auditing & Security -> System Security Policies -> Password Format Policies & note the max PW length.
Then inform the users to NOT exceed the length.
The system will only encrypt that number of chars when the user enters the PW, but will interpret ALL the chars when they enter it for decryption & that can throw off the result & cause a PW mismatch.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
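
Added example, not part of the original thread and not HP's code: a shell check that combines the replies above, flagging a candidate password that contains a literal character bound to a tty function in stty -a output or that exceeds the maximum length. The stty -a text is a constructed sample, the function names are hypothetical, and the default limit of 10 is the u_maxlen default cited in the last reply.

```shell
#!/bin/sh
# Constructed sample of `stty -a` output (not captured from a real system).
# On a live host, use: STTY_OUT=$(stty -a)
STTY_OUT='speed 9600 baud; line = 0;
intr = ^C; quit = ^\; erase = #; kill = @;
eof = ^D; eol = <undef>; susp = ^Z'

# Print "name char" for every tty function bound to a literal printable
# character. Control bindings such as ^C are two characters long in the
# listing and are skipped, since they cannot be typed as password text.
tty_literal_chars() {
    printf '%s\n' "$1" | tr ';' '\n' | awk '
        $2 == "=" && length($3) == 1 &&
        $1 ~ /^(intr|quit|erase|kill|eof|eol|susp)$/ { print $1, $3 }'
}

# Usage: check_password PASSWORD STTY_OUTPUT [MAXLEN]
# Prints one finding per line; returns 0 if the password is clean, 1 otherwise.
check_password() {
    pw=$1; out=$2; max=${3:-10}   # 10 = u_maxlen default quoted in the thread
    rc=0
    if [ "${#pw}" -gt "$max" ]; then
        echo "length ${#pw} exceeds max $max"
        rc=1
    fi
    # The here-document keeps the loop in the current shell so rc survives.
    while read -r name ch; do
        [ -n "$ch" ] || continue          # no literal bindings found
        case $pw in
            *"$ch"*) echo "contains '$ch' (tty $name character)"; rc=1 ;;
        esac
    done <<EOF
$(tty_literal_chars "$out")
EOF
    return $rc
}

# The two passwords from the original question.
check_password 'J0shu@T@y10r' "$STTY_OUT" 10 || true
check_password 'eaton1' "$STTY_OUT" 10 && echo "eaton1: no findings"
```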