Manualshelf

G06.29 Release Version Update Compendium

ManualsBrandsHP ManualsServerHP NonStop G-Series
31323334353637383940
Manageability Products
G06.29 Release Version Update Compendium542946-001
6-4
Migration With Standard Security (Safeguard Not
Installed)
5. If new users were added to the system after PASSWORD-ALGORITHM was
changed to HMAC256, the system administrator must reset their passwords to
enable them to log into the system. Otherwise, the users cannot access the system
after fallback.
Migration With Standard Security (Safeguard Not Installed)
When the new version is installed, use the new PWCONFIG utility to modify the
appropriate attributes if you do not want to accept the new default values.
Fallback With Standard Security (Safeguard Not Installed)
In all cases, install the previous version of Standard Security.
If ENCRYPTPASSWORD is OFF or ALGORITHM is set to DES, no extra fallback
steps are required.
If ALGORITHM is set to HMAC256:
When users first change their password after HMAC256 is enabled, they must
remember their immediate previous password.
After fallback, users must use their old password to log into the system if one of
these statements is true:
°
Their user account existed before the installation of the new version of
Standard Security.
°
They are new users whose password was encrypted in DES or not encrypted
at all before ALGORITHM was changed to HMAC256.
If new users were added to the system after ALGORITHM was changed to
HMAC256, they must use a blank password to log into the system.
Fallback Considerations for OSS ACLs
The Safeguard configuration attribute AUDIT-CLIENT-GUARDIAN, which is a
synonym for AUDIT-CLIENT-SERVICE, is no longer available after fallback.
To audit OSS related operations after fallback, you must enable the Safeguard
configuration attribute AUDIT-CLIENT-SERVICE.
Switch to next audit file by using the SAFECOM NEXTFILE command.
Additional Technical Information
The password configuration attributes PROMPTPASSWORD, BLINDPASSWORD,
ENCRYPTPASSWORD and PASSWORD MINIMUM LENGTH are duplicated in
the $SYSTEM.SAFE.CONFIGP file so that Safeguard and Standard Security can
access them. Any change in these attributes is updated in the
$SYSTEM.SAFE.CONFIGP file only. As a result, Safeguard is enhanced to obtain