
Shadow Password bundle for 11.11?

 
James A. Donovan
Honored Contributor

Shadow Password bundle for 11.11?

I was just reading through a listing of recently released patches, and I noticed many were pre-enablement patches for shadow password file support. Can anyone enlighten me as to when I can expect this feature to be available?
Remember, wherever you go, there you are...
Steven E. Protter
Exalted Contributor

Re: Shadow Password bundle for 11.11?

Password shadowing is part of Trusted Systems.

You can convert your system to trusted either with SAM or the Bastille tool.

Links.

Required Perl install

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=PERL

Bastille: Security Hardening Tool

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA


SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
James A. Donovan
Honored Contributor

Re: Shadow Password bundle for 11.11?

Does this mean that until now, you could not set up HP-UX 11.11 as a Trusted system?

The patch descriptions for the following would seem to indicate that, if that is the case.

PHCO_27035 : s700_800 11.11 shadow.h cumulative patch
PHCO_27036 : s700_800 11.11 pwck(1M) cumulative patch
PHCO_27037 : s700_800 11.11 libpam_unix cumulative patch
PHCO_27038 : s700_800 11.11 libsec cumulative patch
PHCO_27040 : s700_800 11.11 /sbin/passwd cumulative patch
PHCO_27041 : s700_800 11.11 passwd(1) cumulative patch
PHCO_27042 : s700_800 11.11 pwconv(1M) cumulative patch
PHCO_27064 : s700_800 11.11 libpam cumulative patch
PHCO_27345 : s700_800 11.11 cumulative sh-posix(1) patch
PHCO_27374 : s700_800 11.11 cumulative SAM patch
PHCO_27909 : s700_800 11.11 security manpages cumulative patch
PHCO_28176 : s700_800 11.11 tsconvert cumulative patch

Remember, wherever you go, there you are...
James A. Donovan
Honored Contributor

Re: Shadow Password bundle for 11.11?

Found further evidence that Shadow Passwords is something new...this is taken from HP's release notes on their build of OpenSSH 3.5.

Support for Shadow Passwords

When users initially set their password in traditional UNIX systems, the password goes through a one-way hashing function and gets stored in a publicly readable file--/etc/passwd. When users log in, their password gets hashed using the same algorithm that was used when the password was initially set. After the password is hashed, it is compared to the password stored in /etc/passwd. The system grants access if the two passwords match. This one-way hashing function makes it difficult for malicious users to get unhashed passwords even though the hashed password is visible.

However, if a user chooses a password a malicious user might guess, the malicious user can hash the guessed password and compare it to the hashed password in the publicly viewable /etc/passwd file. If these two match, the malicious user now has a password to the system. This type of attack is more practical when an entire body of text, a dictionary for example, gets hashed word-by-word and is then compared to the hashed passwords of all users. This type of attack can lead to multiple compromised passwords.

Shadow password functionality addresses this vulnerability by storing hashed passwords in a file that only the root user can read. Malicious users cannot perform the attacks described above without the list of publicly hashed passwords.

To enable shadow passwords, the administrator needs to execute the /usr/sbin/pwconv utility while logged in as superuser. HP-UX Secure Shell will automatically use this feature if it is enabled on the system.

Monitor http://software.hp.com for Shadow Password availability.
.
.
.
So I guess my only question now is, when will we be seeing this software?
Remember, wherever you go, there you are...
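
The exposure described in the quoted release notes can be audited from the administrator's side. The script below is an added example, not part of the original post and not HP's tooling: it lists accounts whose hash is still in a passwd-format file and checks that a shadow file is readable by its owner only. It assumes pwconv leaves "x" in the password field; the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: defensive audit of a passwd-format file (not HP's tooling).

# List accounts whose password field (field 2) still holds a hash or is
# empty. Assumption: after pwconv the field is "x"; a leading "*" or "!"
# marks a locked or no-login account.
unshadowed_accounts() {
    awk -F: '
        /^[#+-]/ || NF < 7        { next }   # comments, NIS +/- entries, malformed lines
        $2 == ""                  { print $1 ":EMPTY"; next }
        $2 == "x" || $2 ~ /^[*!]/ { next }   # already shadowed, or locked
                                  { print $1 ":HASH_IN_PASSWD" }
    ' "$1"
}

# Succeed only if the file exists and neither group nor other can read it
# (characters 5 and 8 of the ls mode string are the two read bits).
shadow_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ldL "$1" | cut -c5,8)" in
        --) return 0 ;;
        *)  return 1 ;;
    esac
}

# Constructed sample data; the hash string is a placeholder, not a real hash.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
alice:Xy0CONSTRUCT1:101:20:Alice:/home/alice:/usr/bin/sh
bob::102:20:Bob:/home/bob:/usr/bin/sh
carol:x:103:20:Carol:/home/carol:/usr/bin/sh
EOF
}

tmp=${TMPDIR:-/tmp}/pwaudit.$$
write_sample_passwd "$tmp"
echo "Accounts still exposed in $tmp:"
unshadowed_accounts "$tmp"
rm -f "$tmp"
```

On a real system the two functions would be pointed at /etc/passwd and /etc/shadow; any name printed by the first one is an account whose hash any local user can still read.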
Jeff Schussele
Honored Contributor

Re: Shadow Password bundle for 11.11?

Hi Jim,

Hmmm....interesting.
Thanks for the info.
Sounds like HP is finally going to allow shadow PWs w/o having to convert to Trusted.
Wonder if they're going to do it the same way i.e. build the /tcb/files/auth/.... dir structure OR do it differently? Seems to me they should do it the same way to avoid another PW conversion if the system was later fully converted to Trusted.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Jeff Schussele
Honored Contributor

Re: Shadow Password bundle for 11.11?

Grrrrrr!!!!!!

I waited a full 8 minutes & rechecked the thread 3 times before I reposted.
Man I hope they find the problem soon - this is becoming VERY VERY annoying.

There I feel better now.
Sorry to vent in your thread Jim.

Later,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
James A. Donovan
Honored Contributor

Re: Shadow Password bundle for 11.11?

fyi....

http://www2.itrc.hp.com/service/cki/patchDocDisplay.do?patchId=PHCO_25568

Appears that the shadow file will be /etc/shadow as per the above patch description....

and Doug has provided a time frame to expect the bundle...

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x74035ec05a7ad711abdc0090277a778c,00.html
Remember, wherever you go, there you are...