Manualshelf

H06.10 Software Installation and Upgrade Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop Release and Migration
51525354555657585960
Filesys LibrariesZZOSSWFSRLT9228
OSSFSLIBZOSSESRLT9627
MC Runtime LibraryZUTILSRLT9661
OSS packaging for all the precedingT8888PAX
For reporting problems with any of these SRLs in H-series systems, you should specify the new
T-number T8888. The fix will be available via T8888. If you do report a problem against the old
T-number (for example, T8432 for ZCRTLSRL), the fix will still be available via T8888.
NetBatch
New NetBatch features require that Enform Plus (T0295) be installed on your system. In Enform
Plus is not installed or licensed, an error occurs.
New Safeguard Attribute Defaults
The default values of certain attributes have been changed in the H03 version of Safeguard and
Standard Security in order to increase the “out of box” password security. Customers who do
not wish to adopt the new defaults can follow the normal migration steps for Safeguard.
Customers using Standard Security alone are impacted by this change.
Attributes specific to Safeguard configuration are:
New Default ValuePrevious Default ValueAttribute
ONOFFPASSWORD-ENCRYPT
60PASSWORD-MINIMUM-LENGTH
Attributes specific to the PASSWORD utility of Standard Security are:
New Default ValuePrevious Default ValueAttribute
ONOFFENCRYPTPASSWORD
60MINPASSWORDLEN
BLINDOFFPROMPTPASSWORD
All attributes are applied as each user changes their password.
Safeguard Password Encryption
The H03 and later versions of Safeguard and Standard Security improve the cryptology of the
user passwords in the Integrity NonStop server environments.
If PASSWORD-ALGORITHM is DES or PASSWORD-ENCRYPT is OFF, the password
(DES-encrypted or in clear text, respectively) is written to both the existing L/USERID and the
new L/USERAX files. This approach allows for direct fallback to prior versions of Safeguard and
Standard Security.
If you enable the new HMAC256 encryption option, each subsequently changed password is
encrypted using HMAC with the SHA256 algorithm and stored in L/USERAX. Because earlier
versions of the security products do not understand HMAC, fallback requires extra steps. For
additional information, see “Fallback in a Safeguard Environment” (page 52) and “Fallback With
Standard Security (Safeguard Not Installed)” (page 53). To assist fallback after
PASSWORD-ALGORITHM is set to HMAC256, the DES or clear text version of each preexisting
password is retained in L/USERID. When users change their password, the old password in
NetBatch 51