Manualshelf

G06.29 Software Installation and Upgrade Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series
61626364656667686970
Overview of Installing G06.29
G06.29 Software Installation and Upgrade Guide542744-003
1-43
Password Enhancements and OSS ACL Support
Attributes specific to the PASSWORD utility of Standard Security are:
All attributes are applied as each user changes their password.
Password Encryption
If PASSWORD-ALGORITHM is DES or PASSWORD-ENCRYPT is OFF, the password
(DES-encrypted or in clear text, respectively) is written to both the existing L/USERID
and the new L/USERAX files. This approach allows for direct fallback to earlier
versions of Safeguard and Standard Security.
If you enable the new HMAC256 encryption option, each subsequently changed
password is encrypted using HMAC with the SHA256 algorithm and stored in
L/USERAX. Because earlier versions of the security products do not understand
HMAC, fallback requires extra steps. For additional information, see Fallback
Considerations for Password Encryption on page 1-44 and Fallback With Standard
Security (Safeguard Not Installed) on page 1-45. To assist fallback after PASSWORD-
ALGORITHM is set to HMAC256, the DES or clear-text version of each preexisting
password is retained in L/USERID. When users change their password, the old
password in L/USERID is marked as expired as of that date. For a new user added to
the system after the algorithm is changed to HMAC256, the password in L/USERID file
is deleted.
Support for OSS Access Control List
The G07 version of Safeguard and the G06 version of Standard Security are enhanced
to support the OSS Access Control List (ACL) feature. A new security group,
SECURITY-OSS-ADMINISTRATOR, and a new Safeguard configuration attribute,
AUDIT-CLIENT-OSS, are provided to support this feature.
Migration Considerations
Follow these migration steps:
1. Use VPROC to determine the current versions of:
OSMP
OSMON
SAFEART
SAFECOM
2. Back up current Safeguard files ($*.SAFE.* and $SYSTEM.SYSTEM.USERID).
Attribute
Previous
Default Value
New
Default Value
ENCRYPTPASSWORD OFF ON
MINPASSWORDLEN 0 6
PROMPTPASSWORD OFF BLIND