Manualshelf

H06.12 Software Installation and Upgrade Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop Release and Migration
51525354555657585960
password is retained in L/USERID. When users change their password, the old password in
L/USERID is marked as expired as of that date. For a new user added to the system after the
algorithm is changed to HMAC256, the password in L/USERID file is deleted.
Migration in a Safeguard Environment
The following procedure is intended to handle any unexpected failures that might occur during
Safeguard migration. The procedure preserves the user/password database, which is necessary
to restore the original system user/alias database.
1. Use VPROC to determine the current versions of:
OSMP
OSMON
SAFEART
SAFECOM
2. Back up current Safeguard files ($*.SAFE.*, $SYSTEM.SYSTEM.USERID, and
$SYSTEM.SYSTEM.USERAX).
3. Use SAFECOM to build an OBEY file to save the current policy. To create an OBEY file, do
the following in SAFECOM:
TACL> safecom/out $system.safe.safevalu
=display as commands on
=info safeguard, detail
The output from these commands is retained in a file named SAFEVALU located in
$SYSTEM.SAFE.
4. To restore the original settings, run the OBEY file SAFEVALU, created in step 3, in SAFECOM.
If you do not follow the preceding migration steps and you do not want to accept the new default
values, then after the new version is installed, use SAFECOM to modify the appropriate attributes.
For more details, see Chapter 10 of the Safeguard Administrator's Manual.
Fallback in a Safeguard Environment
Because of the new password encryption algorithm, fallback requires advance planning.
In all cases, fall back to the previous version of security software.
If PASSWORD-ENCRYPT is OFF or PASSWORD-ALGORITHM is set to DES, no extra fallback
steps are required.
If PASSWORD-ENCRYPT is HMAC256, extra fallback steps are required. When users first change
their password after HMAC256 is enabled, they must remember their immediate previous
password. This is especially important for the system administrator. After installing the previous
version of Safeguard and Standard Security:
1. Before starting Safeguard, the system administrator must log on with the old super ID
password. The old password is the one used before the algorithm was changed to HMAC256.
2. Start Safeguard.
3. The system administrator must set a grace period for users to change their expired passwords.
54 H06.12 Installation, Migration, and Fallback Considerations