HPE Community
Operating System - HP-UX
1824300 Members
5001 Online
109669 Solutions
New Discussion юеВ

"@" character not accepted by login and password prompt

 
SOLVED
Go to solution
anthony natale
Advisor

тАО06-25-2003 07:10 AM

тАО06-25-2003 07:10 AM

"@" character not accepted by login and password prompt

Good Morning All,

Our DBA's had an interesting situation appear yesterday. A couple of passwords expired so they were prompted to change them and enter the old password. Everytime they entered their old password they were welcomed with a "sorry" and disconnected.

System Info:
OS : 11.0, 10.2
SSH 3.2
Trusted Host
Problem also happens on workstations without trusted host or ssh installed.

The DBAs use @ symbols in their passwords so I thought it may be a keyboard mapping problem, it wasn't, as far as I could tell. Sending a hard coded password from the client side worked, because the system allowed them to log in and change their passwords. The problem seems to be happening on the server side when a login or password prompt is used.

Has anyone ever experienced this and if you did, what is the fix? By the way, the # symbol seems to be interpreted as a backspace as well. This always happens at the "login:" prompt (and probably the "password:").

BTW, this problem does not happen on our Sun servers.

Thanks for any help,

Ant.
0 Kudos
Reply
11 REPLIES 11
Paula J Frazer-Campbell
Honored Contributor

тАО06-25-2003 07:13 AM

тАО06-25-2003 07:13 AM

Re: "@" character not accepted by login and password prompt

Hi

What has changed?
Could they do it in the past?

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Hai Nguyen_1
Honored Contributor

тАО06-25-2003 07:16 AM

тАО06-25-2003 07:16 AM

Re: "@" character not accepted by login and password prompt

Anthony,

I did have an experience with "#" in a password. I used "\" without quotes to escape it. Then I was able to login or change a password.

Hai
0 Kudos
Reply
Pete Randall
Outstanding Contributor

тАО06-25-2003 07:19 AM

тАО06-25-2003 07:19 AM

Re: "@" character not accepted by login and password prompt

Ant.,

From man passwd:

"Avoid password characters which have special meaning to the tty
driver, such as # (erase) and @ (kill). You may not be able to login
with these characters."


Pete



Pete
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО06-25-2003 07:21 AM

тАО06-25-2003 07:21 AM

Re: "@" character not accepted by login and password prompt

Hi:

Than man pages for 'getty' specifically note that "it is not possible to log in by means of
getty and type a #, @, /, !, _, backspace, ^U, ^D, or & as part of your login name or arguments." These characters have special meaning.

Regards!

...JRF...
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

тАО06-25-2003 07:24 AM

тАО06-25-2003 07:24 AM

Re: "@" character not accepted by login and password prompt

Hi Ant,

unless the underlying shell from which you are accessing the box has the "stty -kill" set to a different one, this (@) will by default kill the line.


-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
Bill Douglass
Esteemed Contributor

тАО06-25-2003 08:28 AM

тАО06-25-2003 08:28 AM

Re: "@" character not accepted by login and password prompt

As mentioned, # and @ are not allowed when logging in through the tty driver.

You can use these in a password when connecting via ssh. This raises some interesting problems when I changed a user's password, and they discovered that they could not log in. I was connecting vai openssh, while they were using telnet.

I would prefer to see this fixed in hp-ux, since it does restrict he character set available for buiulding passwords.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО06-25-2003 08:34 AM

тАО06-25-2003 08:34 AM

Re: "@" character not accepted by login and password prompt

If you implement LDAP and let a Microsoft server handle logins, you can have these characters in the password.

Hardly worth it for this though, I'd just stop using special characters.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО06-25-2003 09:37 AM

тАО06-25-2003 09:37 AM

Solution

Re: "@" character not accepted by login and password prompt

The default behavior for login is different than at a shell prompt. The # sign is a backspace while the @ symbol cancels the line. This has been the classic default for HP-UX (and Unix in general since the days of teletypes). So stty in /etc/profile doesn't have any effect on the login and password strings.

However, you can change every login (serial, modem, telnet, etc) by using a new device file and this construct:

stty erase "^H" < /dev/ttyconf

This will set the driver option for all connections prior to login. It takes effect immediately except for the serial console port which will require a reboot. You can add other stty values such as:

/sbin/stty erase "^H" kill "^U" intr "^C" eof "^D" -parity ixoff < /dev/ttyconf

This works on current versions of HP-UX with appropriate patches.


Bill Hassell, sysadmin
Reply
anthony natale
Advisor

тАО06-25-2003 10:03 AM

тАО06-25-2003 10:03 AM

Re: "@" character not accepted by login and password prompt

I wanted to thank all of you that have responded so quickly.

I will take note of the solutions and see what is the best implementation.

I agree that the HPUX platform should allow ALL special characters when creating passwords as we are trying to encourage users to be a bit more creative in password choices.

Thanks again for all the help.
0 Kudos
Reply
doug mielke
Respected Contributor

тАО06-26-2003 05:18 AM

тАО06-26-2003 05:18 AM

Re: "@" character not accepted by login and password prompt

The different behaviours at different times / locations could be explained by TERM.
Since this problem happens at login, you would be using a different TERM setting than after they log in to change passwd (listed in the system or users profile), since at this point, that hasn't been read.
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО06-26-2003 06:16 AM

тАО06-26-2003 06:16 AM

Re: "@" character not accepted by login and password prompt

Be careful about mixed platforms. No one at Microsoft consults with Unix vendors to see what would be compatible (and vice versa). There will always be differences (especially for user names and passwords) that cannot be made compatible across all platforms and special characters are the most common class of incompatibilities. While the ttyconf solution handles (current patches) HP-UX, there are no guarentees that a special character will not cause problems with other systems. Alpha-numeric is 100% safe and creative passwords like v6dGys32 are excellent but just a bit difficult to remember. Another alternative is to use the first letters of a sentence or motto.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.