HPE Community
Operating System - HP-UX
1826056 Members
4178 Online
109690 Solutions
New Discussion

Special Characters In Password

 
Steve Lowe (IL)
Occasional Contributor

‎02-28-2007 09:57 AM

‎02-28-2007 09:57 AM

Special Characters In Password

I had a user create a password of:

fr##d0m

However, he could not access our HP server using a telnet client. But, he could connect using
SSH (openSSH).

Is there a security setting that I can enable to permit a password like the one above?

TIA.

Steve
0 Kudos
Reply
5 REPLIES 5
Patrick Wallek
Honored Contributor

‎02-28-2007 10:03 AM

‎02-28-2007 10:03 AM

Re: Special Characters In Password

Have a look at the WARNINGS section in the man page for passwd. It specifically mentions # and @ characters.

Basically, don't use those because they have special meaning to the tty driver.
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎02-28-2007 10:30 AM

‎02-28-2007 10:30 AM

Re: Special Characters In Password

This "problem" dates back to the dim mists of time when UNIX was developed. In those days, terminals were often teletype devices and could not backspace so the '#' was chosen as the erase character. Note that at the time of login, the system doesn't have a clue about TERM settings so it has to make some very basic assumptions. For similar reasons '@' should be avoided.

In any event, when your user logs in with the password "fr##d0m", the system sees "d0m". Sshd is a special case and does not set the erase character.

There is a workaround to identiify your terminal settings but the best course that will work across all flavor of UNIX is to avoid '#' and '@'.
If it ain't broke, I can fix that.
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎02-28-2007 10:34 AM

‎02-28-2007 10:34 AM

Re: Special Characters In Password

If you want to know about the workaround, man 4 ttytype BUT you must play by the rules and always use the matching terminal type when logging in over a given port.
If it ain't broke, I can fix that.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎02-28-2007 02:08 PM

‎02-28-2007 02:08 PM

Re: Special Characters In Password

It is really important to avoid some special characters in passwords, especially in a multi-OS environment. There are always going to be exceptions that do not match some other OS. Now you can indeed change the driver defaults (set in the driver code) by using the special device file /dev/ttyconf. For the first 15 years or so for HP-UX, there was no way to change the defaults prior to login. But starting with patches for 10.20, a new device file now exists that changes the default: /dev/ttyconf. If your system has this devicefile, then you can change the default (see man stty). To set the more standard values:

stty erase "^H" kill "^U" < /dev/ttyconf

The change immediately affects all new logins except the console. This is because the console is opened almost all the time.


Bill Hassell, sysadmin
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎02-28-2007 05:06 PM

‎02-28-2007 05:06 PM

Re: Special Characters In Password

>Clay: but the best course that will work across all flavor of UNIX is to avoid '#' and '@'.

Yes. If you insist on those chars, you can use "\" to escape them, at least on HP-UX.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.