HPE Community
Operating System - HP-UX
1827979 Members
2425 Online
109973 Solutions
New Discussion

Re: login() password problems

 
SOLVED
Go to solution
David Bonham_1
Advisor

‎05-24-2004 11:07 AM

‎05-24-2004 11:07 AM

login() password problems

I've got my HP 11i box authenticating users against Active Directory using Kerberos. No problems except when someone uses an at symbol ( @ ) in their password. login refuses to allow them on the system. It just acts as if a wrong password was entered.

So, I turned off Kerberos authentication and created a user in /etc/passwd (via sam) and changed the users password to contain an @ symbol. I still couldn't login until I changed the users password and removed the at symbol. su works just find with the at symbol in the password.

Does anyone know of a patch for login, or am I just stuck telling users they can't use the @ symbol in their passwords. Usually only the geeks do anyway.

Thanks
>/dev/null
0 Kudos
Reply
12 REPLIES 12
Steven E. Protter
Exalted Contributor

‎05-24-2004 12:14 PM

‎05-24-2004 12:14 PM

Re: login() password problems

This is probably an OS hiccup. The OS doesn't like passwords with special characters.

Since supposedly you are using Kerobos, the rules that SHOULD apply are those rules, which I don't know.

Fast practical solution is the one you proposed. Tell the users no funy characters. We don't need no stinking special characters anyway. Right? Forgive my humor.

The only thing I don't like is this may be the symptom of other problems. I'd see if that Kerobos implementation is working properly.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Mel Burslan
Honored Contributor

‎05-24-2004 05:29 PM

‎05-24-2004 05:29 PM

Re: login() password problems

in my experience @ character in either login name or password means erase whatever I typed so far and start from scratch. This is especially a useful feature when you know that you made a typo in password or username and you know that backspace will not work as backspace you know while typing your username and password. Especially if you are at your last chance to type the correct password before the trusted system locks you out until the sysadmin or the help desk comes to work.

Example
Let's assume your username is "typesbad" and password is "fatfingr"

Login: typesbad
Password: fatfib@fatding@fatfingr (although hidden let's assume this is what you typed)

this combination will log you in.

If you did not have the misfortune of vorking with Virtual Vault which locks you real good after 3 hard tries, you can not imagine what a god sent character is that @ sign. It may be something related to the login process and can be changed but even if this is the case I do not know how.

Hope this helps clear why.
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Kiran Kumar M
Advisor

‎05-24-2004 05:39 PM

‎05-24-2004 05:39 PM

Re: login() password problems

This is not a problem with Kerberos, you can use @ in your password. It's more a login issue, as Mel pointed out.

Try escaping the '@' with a '\' this should work. You could also set the erase to someother character in your .profile, that way you can still use '@' in your password, without the need for it to be escaped with '\'
0 Kudos
Reply
Sundar_7
Honored Contributor

‎05-25-2004 05:10 AM

‎05-25-2004 05:10 AM

Re: login() password problems

the problem here is that @ symbol is interpreted as a special control character by the terminal.

# stty -a < /dev/ttyconf

Try this and see if "kill" is assigned to @ symbol.

If yes then change this to something else

# stty kill ^X < /dev/ttyconf > /dev/ttyconf.

Try now. Alternative way is to include a backslash before the @ symbol to "escape" the special character

If the user password is user@123 then enter the password as user\@123.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
Bharat Katkar
Honored Contributor

‎05-25-2004 06:09 AM

‎05-25-2004 06:09 AM

Re: login() password problems

Hi there,
I would rather suggest not to use @ sign because it has some other purpose to serve.
In case you write a wrong user name or password by mistake and instead for waiting for the another login prompt you can correct you mistakes by typing @ and then writing the loginname or password again.

for e.g. i am logging as root and typed t twice in end still i am able to correct my self using @ sign and then by typing root correctly i still can proceed with login. @ will nullify the previous characters.

login:roott@root
password:

#

Other workaorund is already suggested that is by using Escape character.

Hope this helps.
Regards,
You need to know a lot to actually know how little you know
0 Kudos
Reply
David Bonham_1
Advisor

‎05-25-2004 06:16 AM

‎05-25-2004 06:16 AM

Re: login() password problems

Thank you all for your comments. Now that I see the purpose of the @ sign I will tell users to avoid it. I might also just enable SIS (secure internet services) to avoid the logon prompt altogher.

Also of note is that you can't use a # sign in your password either.

Thanks again.

>/dev/null
0 Kudos
Reply
Rodney Hills
Honored Contributor

‎05-25-2004 07:17 AM

‎05-25-2004 07:17 AM

Solution

Re: login() password problems

"#" is the backspace key.

As mentioned above, a simple fix is to use "stty kill ^u erase ^h
HTH

-- Rod Hills
There be dragons...
Reply
David Bonham_1
Advisor

‎05-25-2004 07:41 AM

‎05-25-2004 07:41 AM

Re: login() password problems

Thanks Ron.

man stty gave me more enlightenment regarding this. I will probably change it then! THANKS!


# stty -a < /dev/ttyconf
min = 4; time = 0;
intr = DEL; quit = ^\; erase = #; kill = @
eof = ^D; eol = ^@; eol2 ; swtch
stop = ^S; start = ^Q; susp ; dsusp
werase ; lnext



>/dev/null
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎05-25-2004 08:27 AM

‎05-25-2004 08:27 AM

Re: login() password problems

While stty will fix the problem AFTER you login, you must use the ttyconf device file to preset all tty devices so that login works the same way. The default for login is to use the driver defaults and # is a backspace, and @ is a line-kill. There are a couple of ways to solve this:

- Tell users that they are authenticating across many different platforms and each one has it's own rules about passwords, filenames, directory names, etc. As a result, they must choose from the lowest common denominator for password rules. One system may accept # and @ but another may not. Or one system likes spaces and punctuation but another does not. One system can handle \{}[]*#? in filenames but another either cannot handle them or must escape them. Since this is so easy to rememeber, just summarize all the rules for all the systems and the users will be happy.

- Or tell the users to use alphanumerics only.

- For HP-UX, you can enable # and @ (using ttyconf) characters but users will probably get confused when they try to copy a file with # in it.


Bill Hassell, sysadmin
0 Kudos
Reply
David Bonham_1
Advisor

‎05-25-2004 01:50 PM

‎05-25-2004 01:50 PM

Re: login() password problems

I got it! Thank you, especially Sundar!

The correct syntax was:

stty erase ^H < /dev/ttyconf
stty intr ^C < /dev/ttyconf

Perfect! Now I can use both @ and # in passwords. Thanks!
0 Kudos
Reply
Gord Moore
Frequent Advisor

‎06-01-2004 10:53 AM

‎06-01-2004 10:53 AM

Re: login() password problems

So, would this be a list of special characters
that users should NOT include in passwords:
# because it means kill
@ because it means interupt
& because it means erase line
\ because it means "escape"

Any others?
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎06-01-2004 02:14 PM

‎06-01-2004 02:14 PM

Re: login() password problems

The list of special characters for login is defined by the driver defaults. These default values are listed in the man page termio (close to line 300: Special Characters

The termio list is lengthy but the most common are # (erase previous character) and @ (cancel current line). & is not defined as anything special and does not erase the line. \ is not special either. It means escape the next character but only to a shell (unless ICANON was set with /dev/ttyconf). Remember that login has nothing to do with a shell prompt. login and password occur completely outside the environment setup in a shell...or more accurately, the shell sets up it's own environment after login with /etc/profile where stty is used to change the driver defaults.

As mentioned, the special device file /dev/ttyconf was created to allow changing the driver defaults before login. As to which characters to avoid, you have to decide whether to reassign the defaults. If so, then # and @ are fine to use...unless of course you are using passwords across many different operating systems. You must check with each one as to reserved characters.

Once logged on, special characters are now defined by the shell and may be different for different shells and of course, the user may change these in a local .profile or simply use the stty command. Again, all the shell features occur long after login/password have been handled.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.