H06.07 Software Installation and Upgrade Guide

Overview of Installing the H06.07 RVU
H06.07 Software Installation and Upgrade Guide 543449-001
1-37
Safeguard
New Attribute Defaults
The default values of certain attributes have been changed in the H03 version of
Safeguard and Standard Security in order to increase the “out of box” password
security. Customers who do not wish to adopt the new defaults can follow the normal
migration steps for Safeguard. Customers using Standard Security alone are impacted
by this change.
Attributes specific to Safeguard configuration are:

Attribute                  Previous Default Value   New Default Value
PASSWORD-ENCRYPT           OFF                      ON
PASSWORD-MINIMUM-LENGTH    0                        6

Attributes specific to the PASSWORD utility of Standard Security are:

Attribute          Previous Default Value   New Default Value
ENCRYPTPASSWORD    OFF                      ON
MINPASSWORDLEN     0                        6
PROMPTPASSWORD     OFF                      BLIND

All attributes are applied as each user changes their password.
Encryption
If PASSWORD-ALGORITHM is DES or PASSWORD-ENCRYPT is OFF, the password
(DES-encrypted or in clear text, respectively) is written to both the existing L/USERID
and the new L/USERAX files. This approach allows for direct fallback to prior versions
of Safeguard and Standard Security.
If you choose to enable the new HMAC256 encryption option, each subsequently
changed password is encrypted using HMAC with the SHA256 algorithm and stored in
L/USERAX. Because earlier versions of the security products do not understand
HMAC, fallback requires extra steps. For additional information, see Fallback in a
Safeguard Environment on page 1-38 and Fallback With Standard Security (Safeguard
Not Installed) on page 1-39. To assist fallback after PASSWORD-ALGORITHM is set to
HMAC256, the DES or clear text version of each preexisting password is retained in
L/USERID. When users change their password, the old password in L/USERID is
marked as expired as of that date. For a new user added to the system after the
algorithm is changed to HMAC256, the password in the L/USERID file is deleted.
Migration in a Safeguard Environment
Follow these migration steps:
1. Use VPROC to determine the current versions of: