G06.29 Release Version Update Compendium

G06.29 Release Version Update Compendium—542946-001

6-1

6 Manageability Products

The G06.29 RVU contains new features for these manageability products:

•

Safeguard

•

OSM and TSM

Safeguard

The G07 version of Safeguard and the G06 version of Standard Security improve the

cryptology of user passwords in the NonStop S-series server environments. The

default values of some attributes are changed to increase the "Out of Box" password

security.

If you do not want to adopt the new defaults, you can follow the regular migration steps

for Safeguard. However, if you use Standard Security alone, you will be impacted by

this change.

Attributes specific to Safeguard configuration are:

Attributes specific to the PASSWORD utility of Standard Security are:

All attributes are applied as each user changes his or her password only.

Encryption

If PASSWORD-ALGORITHM is set to DES or PASSWORD-ENCRYPT is set to OFF,

the password (DES-encrypted or in clear text, respectively) is written to both the

existing L/USERID and the new L/USERAX files. This approach allows for direct

fallback to earlier versions of Safeguard and Standard Security.

If you enable the new HMAC256 encryption option, each subsequently changed

password is encrypted using HMAC with the SHA256 algorithm and stored in

L/USERAX. Because earlier versions of the security products do not understand

HMAC, fallback requires extra steps. For additional information, see Fallback in a

Safeguard Environment on page 6-3 and Fallback With Standard Security (Safeguard

Not Installed) on page 6-4.

Attribute Previous Default

Value

New Default

Value

PASSWORD-ENCRYPT OFF ON

PASSWORD-MINIMUM-LENGTH 0 6

Attribute Previous Default

Value

New Default

Value

ENCRYPTPASSWORD OFF ON

MINPASSWORDLEN 0 6

PROMPTPASSWORD OFF BLIND