Re: 11.31 Long Passwd Issue MIN_PASSWD_LENGTH > 8

JD White · ‎09-20-2010

The system is being loaded with security extentions and not as a trusted system.

If I expire a user's passwd "passwd -f username"
Then have the user login and change their password I get the following:

Password:
Changing password for "username"
Old password:
New password:
Password too short - must be at least 15 characters
New password:
Password too short - must be at least 15 characters
New password:

(I know the long password I'm using is good because I use it with a 11.23 trusted system which also requires 15 character passwds.)

I Have loaded LongPass11i3 and PHI11i3 and have verified them. Have also made the changes to the /etc/defauld/security required by the load instructions. (See Below) Have run a "cat -v" on the security file to make sure no special char are in it. (We have this issue on 4 machines.)

Entries in /etc/defauld/security

ALLOW_NULL_PASSWORD=0
AUDIT_FLAG=1
AUTH_MAXTRIES=3
DISPLAY_LAST_LOGIN=1
INACTIVITY_MAXDAYS=30
BOOT_AUTH=1
BOOT_USERS=(left out for secuity reasons)
MIN_PASSWORD_LENGTH=15
NUMBER_OF_LOGINS_ALLOWED=5
PASSWORD_HISTORY_DEPTH=10
PASSWORD_MIN_UPPER_CASE_CHARS=2
PASSWORD_MIN_LOWER_CASE_CHARS=2
PASSWORD_MIN_DIGIT_CHARS=2
PASSWORD_MIN_SPECIAL_CHARS=2
PASSWORD_MAXDAYS=60
PASSWORD_MINDAYS=30
PASSWORD_WARNDAYS=14
SU_ROOT_GROUP=(left out for secuity reasons)
UMASK=022
CRYPT_DEFAULT=6
CRYPT_ALGORITHMS_DEPRECATE=__unix__
LONG_PASSWORD=1

I have tried setting the allowed password lenght to 9, 10, ect up to 15 and none of the options will work. However, it does work if I go back to 8.

Does anyone know why it will not all the user to update their password to one longer than 8?

I'm hoping I'm doing something wrong and its not broken becasue we have several time sensitive projects we can not move forward on until 11.31 is up and running.

Thanks
JD

Steven E. Protter · ‎09-20-2010

Shalom,

You may still be missing a patch for 11.31 HP-UX.

That is the most common cause of this problem.

What is the most recent QPK installed? Also recommend if you have a support contract, searching the patch database.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

VK2COT · ‎09-20-2010

Hello,

Are you using Shadow passwords?
What do these commands report:

# passwd -sa

# userdbget -a

Cheers,

VK2COT

VK2COT - Dusan Baljevic

Hakki Aydin Ucar · ‎09-20-2010

Hi,
If you set this,
MIN_PASSWORD_LENGTH=9

then you attempt with a 8 char long password, does it ask ;Password too short - must be at least 9 characters

JD White · ‎09-21-2010

Steven:

I loaded the September version and just tried to reload it to make sure & there were no missing packages when the analysis finished the Status was "All software skipped."

VK2COT:

passwd -sa: Returned all user names with PS or the any setting that was set to something other than the defaults in /etc/default/security

userdbget -a returned the one user we have that has DISPLAY_LAST_LOGIN=1
set to 0.

Hakki:

I picked a user and as root I reset his passwd to 15 characters.

I then executed "passwd -f username"

I can login with the 15 character password with no problem.

However, I can also login with the first 8 characters of the 15 character password.

Either way it asks me for for my old passwd then my new one. If I try to reset the passwd to a new one with 8,9,10---20 character passwd I get the same message telling me the password must be "at least 15 characters."

Earl_Crowder · ‎09-21-2010

JD,

Make sure you're using shadow passwords. Have you run pwconv? Does /etc/shadow exist?

Earl

JD White · ‎09-21-2010

Earl,

Shadow is active. Got "x" in the password entries and /etc/shadow hash is being updated whenever I update a passwd.

Earl_Crowder · ‎09-21-2010

JD,

have you rebooted? If not, try killing pwgrd and restarting it using "/sbin/init.d/pwgrd start".

My box exhibited the same problem until i restarted that daemon.

Earl

JD White · ‎09-21-2010

Earl

Yes I have rebooted and just to make sure I ran a "/sbin/init.d/pwgrd stop
then "/sbin/init.d/pwgrd start

And the issue still exists.

This appears to be something with my load and not a configuration problem so I've opened a ticket with HP.

If they get it fixed I'll post the problem and solution. In the mean time if anyone has a idea please send it my way.

Thanks

JD

JD White · ‎09-30-2010

The problem was with the sequence we loaded the depots. Even though these depots are available during the initial load from the release media.

PHI11i3_B.11.31.02.depot

NumericUser_B.11.31.0809.03_HP-UX_B.11.31_IA_PA

LongPass11i3web0911.depot

I you want it to work you can not load them until after you have run "pwconv".

You also have to make sure you load PHI11i3 before LongPass11i3.

Good luck and thank to Roxanne on the help desk for leading me to the light. :-)

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: 11.31 Long Passwd Issue MIN_PASSWD_LENGTH > 8

11.31 Long Passwd Issue MIN_PASSWD_LENGTH > 8