HPE Community
Operating System - HP-UX
1847820 Members
4597 Online
104021 Solutions
New Discussion

Re: SAM generated a profane password

 
MidRange Support
Advisor

‎10-18-2006 07:42 AM

‎10-18-2006 07:42 AM

SAM generated a profane password

Has anyone encountered a situation where SAM generates a profane user password? Our Service Desk performs user account enables and password resets daily. They have reported that several times over the past 6-8 months, SAM has created a profane user password.

This is the text that came up during the last occurance:

Note (hostname)
The new password for user "c998ax01" is: sh*tdump. The user must enter this password when loggin in the next time.

Note: If you reset the user password, the user is given a temporary password. Not all security policies, such as "minimum password length" and "password history", apply to these passwords, so the user should login as soon as possible and change the password.
[ OK ]

Is there any way to update/fix this issue or has this been encountered/reported by any other user or group using HP-UX 11.x. We are using HP-UX 11.11 in a trusted environment. Any suggestions or thoughts on the issue would be appreciated.

Thanks.
0 Kudos
Reply
3 REPLIES 3
spex
Honored Contributor

‎10-18-2006 07:50 AM

‎10-18-2006 07:50 AM

Re: SAM generated a profane password

I think someone at your Service Desk has too much free time on his/her hands.

PCS
0 Kudos
Reply
Peter Godron
Honored Contributor

‎10-18-2006 07:23 PM

‎10-18-2006 07:23 PM

Re: SAM generated a profane password

HI,
I would suggest you get the security policies changed, so that the passwords are system generated or selected from a list by the user.
0 Kudos
Reply
Darren Prior
Honored Contributor

‎10-18-2006 09:29 PM

‎10-18-2006 09:29 PM

Re: SAM generated a profane password

Hi,

I would imagine that SAM bolts 2 dictionary words together to create the initial password. These would be individually checked against the spell(1) command, so this suggests that someone has manually added the words to your dictionary as they don't appear on a couple of systems that I've looked at.

Try typing:

echo house | spell
This should return a prompt as house is in the dictionary. Now try:

echo dgdgdhs | spell
which should return:
dgdgdhs
as it is not in the dictionary. Now try:

echo sh*t | spell (obviously the full word, not with the *)
If it returns the word, then it's been added to your dictionary and I would investigate that further.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.