H06.08 Software Installation and Upgrade Guide
H06.08 Installation, Migration, and Fallback
Considerations
H06.08 Software Installation and Upgrade Guide—543573-001
2-18
Migration With Standard Security (Safeguard Not
Installed)
3. The system administrator must set a grace period for users to change their expired
passwords.
4. Users are prompted to change their password when logging into the system if:
•
Their user account existed before the installation of the H03 version of
Safeguard, or
•
They are new users and their password was encrypted in DES or not
encrypted at all before PASSWORD-ALGORITHM was changed to HMAC256.
When prompted, users should enter and re-enter a new password and log into the
system as usual.
5. For new users that were added to the system after PASSWORD-ALGORITHM was
changed to HMAC256, the system administrator must reset their passwords to
enable them to log into the system. Otherwise, the users cannot access the system
after fallback.
Migration With Standard Security (Safeguard Not Installed)
Once the new version is installed, use the new PWCONFIG utility to modify the
appropriate attributes if you do not want to accept the new default values.
Fallback With Standard Security (Safeguard Not Installed)
In all cases, install the previous version of Standard Security.
If ENCRYPTPASSWORD is OFF or ALGORITHM is set to DES, no extra fallback
steps are required.
If ALGORITHM is set to HMAC256:
•
When users first change their password after HMAC256 is enabled, they must
remember their immediate previous password.
•
After fallback, users must use their old password to log into the system if:
°
Their user account existed before the installation of the H03 version of
Standard Security, or
°
They are new users whose password was encrypted in DES or not encrypted
at all before ALGORITHM was changed to HMAC256.
•
If a user was added to the system after ALGORITHM was changed to HMAC256,
they must use a blank password to log into the system.