H06.11 Software Installation and Upgrade Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop Release and Migration

Safeguard Password Quality Enhancements

The T6533H04^ABM and later versions of Standard Security and the T9750H04^AFC and later

versions of Safeguard, initially released with the H06.09 RVU, provide these additional password

enhancements:

• Option to enforce certain rules governing user or alias passwords

• Use of embedded spaces in user or alias passwords

The following new attributes are introduced:

DescriptionAttribute

When set to ON, passwords must contain at least one uppercase

character.

PASSWORD-UPPERCASE-REQUIRED

When set to ON, passwords must contain at least one lowercase

character.

PASSWORD-LOWERCASE-REQUIRED

When set to ON, passwords must contain at least one numeric

character.

PASSWORD-NUMERIC-REQUIRED

When set to ON, passwords must contain at least one special

character (any nonalphanumeric character except for commas, double

quotes, or semicolons).

PASSWORD-SPECIALCHAR-REQUIRED

When set to ON, passwords may optionally contain embedded

spaces.

PASSWORD-SPACES-ALLOWED

Specifies the minimum number of quality criteria that must be met

when a password is set or changed. Valid values are 0 through 4.

PASSWORD-MIN-QUALITY-REQUIRED

The password quality attributes are disabled by default, and must be explicitly enabled through

SAFECOM (if Safeguard is running) or by using the PWCONFIG command. The password

quality attributes take effect only if the PASSWORD-ENCRYPT attribute is set to ON and the

PASSWORD-ALGORITHM attribute is set to HMAC256. In addition, for

PASSWORD-SPACES-ALLOWED to take effect, PASSWORD-COMPATIBILITY-MODE must

be set to OFF.

For more information on the password quality enhancements, see the Password Quality

Enhancements support note.

Migration

There are no migration considerations specific to the quality password feature. However, a

mitigation procedure is available for handling any unexpected failures that might occur during

migration. This procedure is described under “Migration in a Safeguard Environment” (page 54).

Fallback

Embedded spaces in passwords are not supported in pre-H06.09 RVUs. Any user with a password

that contains embedded spaces will be unable to login after fallback. Fallback considerations are:

• Pre-H06.08 RVUs do not support the Safeguard longer password feature. Therefore, when

falling back to a pre-H06.08 RVU, users must first follow the steps described under “Fallback

in a Safeguard Environment” (page 54).

• When falling back to H06.08 or earlier:

— The super ID password must not contain embedded blanks.

— PASSWORD-COMPATIBILITY-MODE must be set to ON.

— Users whose password contains embedded spaces must request a new password.

Safeguard Password Quality Enhancements 57