Operating System - HP-UX

Re: why the password changed ?

guogang
Senior Member

why the password changed ?

The system is a trusted system. The customer found out they could not log in to the system; the root user had not been locked. After many tries, we logged in to the system using the first 8 chars of the original password. This is very strange. How can this case be explained? Thanks.

#/usr/lbin/getprpw root
uid=0, bootpw=YES, audid=0, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Fri Jul 4 11:09:18 2008, upwchg=Thu Jul 10 16:01:36 2008, acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jul 11 18:39:48 2008, ulogint=Fri Jul 11 18:33:29 2008, sloginy=pts/0, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000

The output of this command told us the password was changed on Fri Jul 4 11:09:18 2008,
but the customer really didn't do this, and according to the password policy, if you want to change the password, you cannot use the first 8 chars of the original password as the new password.

thanks!
Anshumali
Esteemed Contributor

Re: why the password changed ?

Did someone actually log in to the system after Fri Jul 4 11:09:18 2008, or was there a session open since then?
It appears that the password was changed on Fri Jul 4 11:09:18 2008 and no one bothered to test whether it is taking the full > 8 characters or not.

Moreover, what is your password history depth set to? An easy way to reuse the same password is to change the password as many times as the depth and then put the same old password back. What is your system-wide mintm (minimum days between password changes)?



Dreams are not what you see while sleeping; dreams are what doesn't allow you to sleep while you are chasing them!!
guogang
Senior Member

Re: why the password changed ?

Dear Anshumali,

Nobody could log in to the system with the original password after Fri Jul 4 11:09:18 2008, but we can rlogin to this system from another system which is trusted by this system.

Because the system is the core server, the password is very complex and managed by two administrators; I think nobody except the administrators can change the password. On a trusted system you need to provide the old password when you want to set a new one.

We did the test: when entering the full password we could not log in, only when entering the first 8 chars.

This password has been used for a long time.

PASSWORD_HISTORY_DEPTH=9
mintm=30

Any questions, please feel free to tell me. Thanks.


Srimalik
Valued Contributor

Re: why the password changed ?


Hi guogang,

Let me write my interpretation of the problem first; I may not be useful in providing a solution.

It was a trusted system and the password was set to more than 8 chars, and everything was working fine with a password which was greater than eight chars.

Then one fine day you noticed that you were not able to log in with the old password (greater than 8 chars). But you can log in using the first 8 chars of the original password.


Did you confirm that the system is still in trusted mode? Maybe you have already done that but just to confirm.

I had a problem related to trusted mode passwords recently:

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1241133

But, I am not able to relate it to your problem, please see if you can relate them somehow.

Thanks
Sri

abandon all hope, ye who enter here..
OldSchool
Honored Contributor

Re: why the password changed ?

"The system is a trusted system. The customer found out they could not log in to the system; the root user had not been locked. After many tries, we logged in to the system using the first 8 chars of the original password. This is very strange. How can this case be explained? Thanks."

Well, if the original password was more than 8 characters and the system was converted to "trusted-mode" recently, the original password was truncated to 8 characters....

All of this is documented in the man pages, especially the warning about passwords longer than 8 characters.
guogang
Senior Member

Re: why the password changed ?

Dear OldSchool,

Thanks for your reply.

I need to clarify my problem: the system was converted to a trusted system a long time ago, and the password also worked normally for a long time.

"All of this is documented in the man pages, especially the warning about passwords longer than 8 characters" - what does it mean? Would you please explain it further?

It is very strange; why did the system change the password automatically?

thanks
GG
Bill Hassell
Honored Contributor

Re: why the password changed ?

> "All of this is documented in the man pages, especially the warning about passwords longer than 8 characters" - what does it mean? Would you please explain it further?

If the system is standard (not Trusted), then the password string is a maximum of 8 characters. You can type 50 characters for the password but only the first 8 are meaningful and the rest are ignored. It is definitely an oversight that the passwd command does not warn users about typing more than 8 characters when setting a password on a standard system. A Trusted system will check every character you type. When converting from standard to Trusted, the passwords are no more than 8 characters. Typing more than 8 will cause the failure you are seeing.

Users can change their passwords to longer strings now that the system is Trusted.


Bill Hassell, sysadmin
guogang
Senior Member

Re: why the password changed ?

I see, but the system has been a trusted system for a long time. We didn't convert the system to untrusted recently.
Bill Hassell
Honored Contributor

Re: why the password changed ?

Have you been using something other than the passwd command to change passwords? A script or special security program perhaps? Most of the tools do not use bigcrypt and will silently ignore extra characters when you change the password. A Trusted system (using the HP-UX passwd program) will generate a much longer encrypted password string when 9 or more characters are typed. If the password is 8 characters or less, then the encrypted string will always be exactly 13 characters. If you change a password using 9 characters or more, the encrypted string will add 11 characters for every additional block of 1-8 additional characters. You can look at the password strings in your Trusted system:

grep u_pwd= /tcb/files/auth/*/*


Bill Hassell, sysadmin
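The check Bill suggests above, as an added example that is not part of the original thread: it reads `grep u_pwd= /tcb/files/auth/*/*` style output and uses the 13 + 11 per extra 8-character block rule to infer how many characters each stored password actually has, so accounts whose hash is only 13 characters (an 8-character-or-shorter password) stand out. The sample lines are constructed and simplified (single-line entries, made-up hash values); the `u_name=` field and the 11-character increment are assumptions taken from the tcb entry layout and from Bill's description.

```python
import re
from math import ceil

TRAD_LEN = 13      # traditional crypt(3): 2-char salt + 11-char hash
BLOCK_EXTRA = 11   # bigcrypt appends 11 chars for each further block of 1-8 chars

# Constructed, simplified sample of `grep u_pwd= /tcb/files/auth/*/*` output.
# The hash values are made up; only their lengths matter for this check.
SAMPLE_GREP_OUTPUT = """\
/tcb/files/auth/r/root:root:u_name=root:u_id#0:u_pwd=AbCdEfGhIjKlM:chkent:
/tcb/files/auth/o/oper:oper:u_name=oper:u_id#105:u_pwd=AbCdEfGhIjKlMnOpQrStUvWx:chkent:
/tcb/files/auth/d/dba:dba:u_name=dba:u_id#106:u_pwd=AbCdEfGhIjKlMnOpQrStUvWxYzAbCdEfGhI:chkent:
/tcb/files/auth/b/bob:bob:u_name=bob:u_id#107:u_pwd=*:chkent:
"""

def expected_hash_len(password_len):
    """Length of the string the Trusted-mode passwd stores for a password of this length."""
    if password_len <= 8:
        return TRAD_LEN
    return TRAD_LEN + BLOCK_EXTRA * ceil((password_len - 8) / 8)

def password_len_range(hash_str):
    """Infer (min, max) typed password length from the stored hash length.

    Returns None for disabled ('*'), empty, or non-crypt/bigcrypt strings.
    """
    n = len(hash_str)
    if n == TRAD_LEN:
        return (1, 8)
    if n > TRAD_LEN and (n - TRAD_LEN) % BLOCK_EXTRA == 0:
        blocks = (n - TRAD_LEN) // BLOCK_EXTRA
        return (8 * blocks + 1, 8 * blocks + 8)
    return None

def audit_tcb_entries(grep_output):
    """Map each user in the grep output to the inferred password length range."""
    result = {}
    for line in grep_output.splitlines():
        name = re.search(r"u_name=([^:]*)", line)
        pwd = re.search(r"u_pwd=([^:]*)", line)
        if name and pwd:
            result[name.group(1)] = password_len_range(pwd.group(1))
    return result

if __name__ == "__main__":
    for user, rng in audit_tcb_entries(SAMPLE_GREP_OUTPUT).items():
        print(f"{user:6s} -> {rng if rng else 'no usable password hash'}")
```

An account that should have a long password but shows a 13-character hash was last set through something that truncated at 8 characters, which is exactly the symptom described in this thread.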