H06.06 Release Version Update Compendium
Manageability Products
H06.06 Release Version Update Compendium—542486-001
6-4
Additional Technical Information
If ALGORITHM is set to HMAC256:
•
When users first change their password after HMAC256 is enabled, they must
remember their immediate previous password.
•
After fallback, users must use their old password to log into the system if one of
these statements is true:
°
Their user account existed before the installation of the H03 version of
Standard Security.
°
They are new users whose password was encrypted in DES or not encrypted
at all before ALGORITHM was changed to HMAC256.
•
If new users were added to the system after ALGORITHM was changed to
HMAC256, they must use a blank password to log into the system.
Additional Technical Information
•
The password configuration attributes PROMPTPASSWORD, BLINDPASSWORD,
ENCRYPTPASSWORD and PASSWORD MINIMUM LENGTH are duplicated in
the $SYSTEM.SAFE.CONFIGP file so that Safeguard and Standard Security can
access them. Any change in these attributes is updated in the
$SYSTEM.SAFE.CONFIGP file only. As a result, Safeguard is enhanced to obtain
the values of the these attributes from the $SYSTEM.SAFE.CONFIGP file instead
of the $SYSTEM.SAFE.CONFIG file.
•
The password history record is maintained and updated in the
$SYSTEM.SYSTEM.USERID and $SYSTEM.SYSTEM.USERAX files as long as
encryption is either DES-based or OFF. However, if HMAC256 is enabled, the
password history is kept up to date only in USERAX. Therefore, after fallback, you
might not see the same password history as before fallback.
•
When you move a copy of the USERID file from one system to another, you must
also move its associated USERAX file. In addition, consider also moving
$SYSTEM.SAFE.* when performing this type of operation.