Manualshelf

HP-UX Password Hashing Infrastructure B.11.23.01 Release Notes, Ed. E002

ManualsBrandsHP ManualsSoftwareHP-UX Security Products and Features Software
12345678910
Table 1-2 HP-UX PHI Attributes
DescriptionAttribute
Specifies the default password hash algorithm. It is used when a new
user password is created, and either the user did not have a password
before or the old password was hashed with a deprecated algorithm
(listed in CRYPT_ALGORITHMS_DEPRECATE). The value of
CRYPT_DEFAULT should not be present in
CRYPT_ALGORITHMS_DEPRECATE. This attribute is only valid when
the PHI product is installed.
CRYPT_DEFAULT
Lists the password hash algorithms that must be deprecated when a
user's password is changed. This attribute is only valid when the PHI
product is installed.
CRYPT_ALGORITHMS_DEPRECATE
The default hash algorithm is method 6, a newer hash algorithm based on SHA-512. If the attribute
CRYPT_DEFAULT is not defined in /etc/default/security, the default value is __unix__.
The CRYPT_DEFAULT and CRYPT_ALGORITHMS_DEPRECATE attributes can be used as follows:
CRYPT_DEFAULT=__unix__
The default hash algorithm is the traditional DES-based algorithm.
CRYPT_DEFAULT=6
Sets the default password hash algorithm to an SHA512-based algorithm. For each new
user, the password hash will be SHA512-based.
CRYPT_DEFAULT=6
CRYPT_ALGORITHMS_DEPRECATE=__unix__
Migrates the DES-based password hashes to SHA512-based hashes. For each user, the
DES-based password (denoted by __unix__) will be replaced with a SHA512-based one
(denoted by 6) during the next password change.
NOTE: The value of CRYPT_DEFAULT should not be present in
CRYPT_ALGORITHMS_DEPRECATE.
1.6 HP-UX PHI Compatibility Information and Installation Requirements
The minimum requirements to install and run HP-UX PHI B.11.23.01 are as follows:
Hardware Requirements:
— HP 9000 Computers
— HP Integrity Servers
Operating System Requirements:
— HP-UX 11i v2, September 2004 or later
Patch Requirements:
— All required patches are included with the HP-UX PHI bundle
Security Settings:
— The system should have shadowed passwords (stored in /etc/shadow)
Supported with files, but is not supported with other nameserver switch backends, such
as NIS or NIS+. To configure your system to use only files, ensure that the passwd: line in
/etc/nsswitch.conf contains only files.
1.6 HP-UX PHI Compatibility Information and Installation Requirements 7