HP-UX Shadow Passwords Version B.11.11.02 Product Note HP-UX 11i v1 First Edition Manufacturing Part Number : 5991-0909 December 2004 U.S.A. © Copyright 2004 Hewlett-Packard Development Company L.P.
Legal Notices The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Printed in the US. Confidential computer software. Valid license from HP required for possession, use or copying.
Publication History The manual publication date and part number indicate its current edition. The publication date will change when a new edition is released. The manual part number will change when extensive changes are made. To receive the new editions, you must subscribe to the appropriate product support service. Contact your HP sales representative for details. • First Edition: December 2004, 5991-0909, HP-UX 11i v1 (B.11.11) CD-ROM (Software Pack December 2004) and Web (http://docs.hp.
Conventions Following are the typographical conventions that are used in this Product Note. iv audit (5) An HP-UX manpage. audit is the name and 5 is the section in the HP-UX Reference. On the web and on the Instant Information CD, it may be a hot link to the manpage itself. From the HP-UX command line, you can enter “man audit” or “man 5 audit” to view the manpage. See man (1). Book Title The title of a book. On the web and on the Instant Information CD, it may be a hot link to the book itself.
Contents 1. HP-UX Shadow Passwords Product Note Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Features and benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Requirements and restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents vi
HP-UX Shadow Passwords Product Note Overview 1 HP-UX Shadow Passwords Product Note Overview Increasing computational power available to password crackers has made the non-hidden passwords in the UNIX /etc/passwd file vulnerable to decryption. Shadow Passwords enhance system security by hiding user-encrypted passwords in a shadow password file. Usually, encrypted passwords are stored in the /etc/passwd file that is accessible to all users.
HP-UX Shadow Passwords Product Note Overview This product may be used with the LDAP-UX Integration product version B.03.00 or later. The most recent version is available on the web at http://software.hp.com. This product may be used with Ignite-UX version B.4.1 or later. This product may be used with ServiceGuard. If the intention is to use the HP Cluster Object Manager to connect to a system that has Shadow Passwords installed, then you must upgrade the Cluster Object Manager to version B.02.02.00.
HP-UX Shadow Passwords Product Note Additional Documentation Additional Documentation For more information on Shadow Passwords, see the following manual pages: Chapter 1 • pwconv (1m) • pwunconv (1m) • pwck (1m) • passwd (1) • getspent (3c) • putspent (3c) • passwd (4) • shadow (4) • security (4) 3
HP-UX Shadow Passwords Product Note Installation Information Installation Information The associated patches and the instructions for installing the ShadowPassword bundle are described in this section. Required and optional enablement patches The ShadowPassword bundle contains three kinds of products: NOTE • The ShadowPW product - new files to support Shadow Passwords.
HP-UX Shadow Passwords Product Note Installation Information # Contacting target "localhost"... # # Target: localhost:/ # ShadowPW.SHADOW B.11.11.02 HP-UX 11.11 Shadow Password Enablement Step 6. Once the patches are installed, the system can use Shadow Passwords by running the pwconv command. This will convert the entries in the /etc/passwd file into the appropriate format in the /etc/shadow file. Step 7. Reboot the system. Shadow Passwords is now available.
HP-UX Shadow Passwords Product Note Disabling and Removing Shadow Passwords Disabling and Removing Shadow Passwords Complete the following procedure to disable ShadowPassword and switch back to standard passwords: Step 1. Login as root. Step 2. Run pwunconv. NOTE Skipping the above step may not allow your system to boot in multi-user mode. Step 3. Reboot the system. Step 4. Ensure that the /etc/shadow file does not exist and that passwords are in the /etc/password file. Step 5. Run swremove ShadowPW.