HP-UX Password Hashing Infrastructure B.11.23.01 Release Notes, Ed. E001

The default hash algorithm is method 6, a newer hash algorithm based on SHA-512. If the attribute

CRYPT_DEFAULT is not defined in /etc/default/security, the default value is __unix__.

The CRYPT_DEFAULT and CRYPT_ALGORITHMS_DEPRECATE attributes can be used as follows:

• CRYPT_DEFAULT=__unix__

The default hash algorithm is the traditional DES-based algorithm.

• CRYPT_DEFAULT=6

Sets the default password hash algorithm to an SHA512-based algorithm. For each new

user, the password hash will be SHA512-based.

• CRYPT_DEFAULT=6

CRYPT_ALGORITHMS_DEPRECATE=__unix__

Migrates the DES-based password hashes to SHA512-based hashes. For each user, the

DES-based password (denoted by __unix__) will be replaced with a SHA512-based one

(denoted by 6) during the next password change.

NOTE: The value of CRYPT_DEFAULT should not be present in

CRYPT_ALGORITHMS_DEPRECATE.

1.5 HP-UX PHI Compatibility Information and Installation Requirements

The minimum requirements to install and run HP-UX PHI B.11.23.01 are as follows:

• Hardware Requirements:

— HP 9000 Computers

— HP Integrity Servers

• Operating System Requirements:

— HP-UX 11i v2, September 2004 or later

• Patch Requirements:

— All required patches are included with the HP-UX PHI bundle

• Security Settings:

— The system should have shadowed passwords (stored in /etc/shadow)

• Supported with files, but is not supported with other nameserver switch backends, such

as NIS or NIS+. To configure your system to use only files, ensure that the passwd: line in

/etc/nsswitch.conf contains only files.

• To use HP-UX PHI with SSH, you must install HP-UX Secure Shell A.04.70.004 or later from

Software Depot:

http://www.software.hp.com

• Some third party applications may assume that password hashes are DES-based only. These

applications would not function correctly with HP-UX PHI.

1.5 HP-UX PHI Compatibility Information and Installation Requirements 7