G06.29 Release Version Update Compendium

Manageability Products
G06.29 Release Version Update Compendium 542946-001
4. When the new version of Safeguard is installed and you want to retain your original
Safeguard values, use SAFECOM to obey the SAFEVALU file created in Step 3.
For more details, see the Safeguard Administrator's Manual.
Fallback in a Safeguard Environment
Because of the new password encryption algorithm, fallback requires advance
planning.
In all cases, fall back to the previous version of security software.
If PASSWORD-ENCRYPT is set to OFF or PASSWORD-ALGORITHM is set to DES,
no extra fallback steps are required.
If PASSWORD-ENCRYPT is HMAC256, extra fallback steps are required. When users
first change their password after HMAC256 is enabled, they must remember their
immediate previous password. This step is especially important for the system
administrator.
After installing the previous version of Safeguard and Standard Security:
1. Before starting Safeguard, the system administrator must log in with the old
password. The old password is the one used before the algorithm was changed to
HMAC256.
2. Start Safeguard.
3. The system administrator must set an appropriate grace period for users to change
their expired passwords.
4. Users are prompted to change their password when logging into the system if one
of these statements is true:
   • Their user account existed before the installation of the new version of
     Safeguard.
   • They are new users and their password was encrypted in DES or not
     encrypted at all before PASSWORD-ALGORITHM was changed to HMAC256.
   When prompted, users should enter and re-enter a new password and log into the
   system as usual.
Note.
When you migrate to the new password encryption feature, if you do not follow the
preceding migration steps or if you do not want to accept the new password configuration
default values, use SAFECOM to modify the appropriate attributes after the new version is
installed.
The Safeguard configuration attribute AUDIT-CLIENT-OSS is set to ON. If you do not want
to audit client subsystems other than OSS, you can disable the Safeguard attribute
AUDIT-CLIENT-GUARDIAN after migration. Use the SAFECOM NEXTFILE command to switch to
the next audit file.