Manualshelf

H06.06 Software Installation and Upgrade Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop Release and Migration
51525354555657585960
Overview of Installing the H06.06 RVU
H06.06 Software Installation and Upgrade Guide542652-002
1-37
Safeguard
Fallback in a Safeguard Environment
Because of the new password encryption algorithm, fallback requires advance
planning.
In all cases, fall back to the previous version of security software.
If PASSWORD-ENCRYPT is OFF or PASSWORD-ALGORITHM is set to DES, no
extra fallback steps are required.
If PASSWORD-ENCRYPT is HMAC256, extra fallback steps are required. When users
first change their password after HMAC256 is enabled, they must remember their
immediate previous password. This is especially important for the system
administrator. After installing the previous version of Safeguard and Standard Security:
1. Before starting Safeguard, the system administrator must log in with the old
password. The old password is the one used before the algorithm was changed to
HMAC256.
2. Start Safeguard.
3. The system administrator must set a grace period for users to change their expired
passwords.
4. Users are prompted to change their password when logging into the system if:
Their user account existed before the installation of the H03 version of
Safeguard, or
They are new users and their password was encrypted in DES or not
encrypted at all before PASSWORD-ALGORITHM was changed to HMAC256.
When prompted, users should enter and re-enter a new password and log into the
system as usual.
5. For new users that were added to the system after PASSWORD-ALGORITHM was
changed to HMAC256, the system administrator must reset their passwords to
enable them to log into the system. Otherwise, the users cannot access the system
after fallback.
Migration With Standard Security (Safeguard Not Installed)
Once the new version is installed, use the new PWCONFIG utility to modify the
appropriate attributes if you do not want to accept the new default values.
Fallback With Standard Security (Safeguard Not Installed)
In all cases, install the previous version of Standard Security.
If ENCRYPTPASSWORD is OFF or ALGORITHM is set to DES, no extra fallback
steps are required.
If ALGORITHM is set to HMAC256: