HP-UX Password Hashing Infrastructure B.11.23.
© Copyright 2001–2008 Hewlett-Packard Development Company L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents

1 HP-UX Password Hashing Infrastructure B.11.23.01
1.1 HP-UX PHI Overview
1.2 HP-UX PHI Features
1.3 HP-UX PHI Publication History
1 HP-UX Password Hashing Infrastructure B.11.23.01

The information in this document is for HP-UX Password Hashing Infrastructure (PHI) version B.11.23.01 only.

1.1 HP-UX PHI Overview

HP-UX PHI enhances the security of HP-UX 11i version 2. HP-UX PHI provides a new SHA512-based algorithm for user password hashes as an alternative to the traditional, DES-based password hash algorithm. Traditionally, authentication of users in HP-UX was done using the crypt function.
1.4 HP-UX PHI Documentation

Use the following documents in conjunction with each other when using HP-UX PHI B.11.23.01:

• HP-UX PHI B.11.23.01 Release Notes
• security(4)

These documents are located at: http://docs.hp.com

1.5 HP-UX PHI Manpages

HP-UX PHI includes a new manpage crypt2(3C) that describes four new crypt functions. The four crypt functions are enhancements to the legacy crypt function (see crypt(3C)).
Table 1-2 HP-UX PHI Attributes

Attribute | Description
CRYPT_DEFAULT | Specifies the default password hash algorithm. It is used when a new user password is created, and either the user did not have a password before or the old password was hashed with a deprecated algorithm (listed in CRYPT_ALGORITHMS_DEPRECATE). The value of CRYPT_DEFAULT should not be present in CRYPT_ALGORITHMS_DEPRECATE. This attribute is only valid when the PHI product is installed.
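The rule in Table 1-2 that CRYPT_DEFAULT must not appear in CRYPT_ALGORITHMS_DEPRECATE can be checked mechanically against the /etc/default/security file. The following POSIX shell functions are an added example, not part of HP's documentation; the names get_attr and check_phi are hypothetical, and the sample values 6 and __unix__, the list separators, and the last-assignment-wins behaviour are assumptions to confirm in security(4).

```shell
#!/bin/sh
# Added example: lint the PHI attributes in a security(4)-style file.

# Print the value of attribute $2 in file $1 (empty if unset or commented out).
# Assumption: if an attribute is repeated, the last assignment is reported.
get_attr() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#]*\).*/\1/p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Exit status: 0 = consistent, 1 = CRYPT_DEFAULT unset,
# 2 = CRYPT_DEFAULT is also listed in CRYPT_ALGORITHMS_DEPRECATE.
check_phi() {
    default=$(get_attr "$1" CRYPT_DEFAULT)
    deprecated=$(get_attr "$1" CRYPT_ALGORITHMS_DEPRECATE)
    if [ -z "$default" ]; then
        echo "CRYPT_DEFAULT is not set; the system default applies"
        return 1
    fi
    # Assumption: list entries are separated by commas and/or whitespace.
    for alg in $(printf '%s' "$deprecated" | tr ',' ' '); do
        if [ "$alg" = "$default" ]; then
            echo "CRYPT_DEFAULT=$default is also deprecated; fix the file"
            return 2
        fi
    done
    echo "ok: CRYPT_DEFAULT=$default, deprecated: ${deprecated:-none}"
}

# Constructed sample (not from a real host); the values 6 and __unix__ are
# assumed, confirm them in security(4) on the target system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# CRYPT_DEFAULT=6
CRYPT_DEFAULT=__unix__
CRYPT_ALGORITHMS_DEPRECATE=__unix__
EOF
check_phi "$sample" || echo "check_phi exit status: $?"
rm -f "$sample"
```

On a live system, run check_phi /etc/default/security after editing the file and before users change their passwords.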
2 Using HP-UX PHI with Other Applications

The PHI bundle contains the changes needed for HP-UX 11i v2 to implement SHA-based password hashes. To use HP-UX PHI with the following optional HP applications, you must make the following updates:

• To use HP-UX PHI with SSH, you must install HP-UX Secure Shell A.04.70.004 or later from Software Depot: http://www.software.hp.com
• To use HP-UX PHI with ONC ENHKEY, you must install ONC ENHKEY version B.11.23.02 from Software Depot: http://www.software.hp.
3 Acquiring and Installing HP-UX PHI

HP-UX PHI is available free of charge from Software Depot: http://www.software.hp.com

3.1 Acquiring HP-UX PHI

To acquire HP-UX PHI, you must complete the following steps:

1. Go to Software Depot: http://www.software.hp.com.
2. Select Security and manageability. Scroll down and select HP-UX Password Hash Infrastructure. Read the information on the HP-UX PHI release page.
3. Select Receive for Free >> at the bottom of the page.
4. Enter your registration information.
5.
IMPORTANT: The HP-UX PHI functionality is not activated by default after installation. To activate it, you need to edit certain attributes in the /etc/default/security file. For more information, see the description of the CRYPT_DEFAULT and CRYPT_ALGORITHMS_DEPRECATE attributes in the security(4) manpage.

To remove (uninstall) HP-UX PHI B.11.23.01 from your HP-UX 11i v2 systems, you must complete the following steps:

1. 2. Log on to your system as the root user.
4 Known Problems in HP-UX PHI B.11.23.01

HP-UX PHI B.11.23.01 contains no known problems.