Manualshelf

G06.32 Software Installation and Upgrade Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series
61626364656667686970
G06.32 Installation and Fallback Alerts
G06.32 Software Installation and Upgrade Guide546068-002
2-19
Safeguard Password Enhancements (G06.29)
2. Back up current Safeguard files ($*.SAFE.*, $SYSTEM.SYSTEM.USERID, and
$SYSTEM.SYSTEM.USERAX).
3. Use SAFECOM to build an OBEY file to save the current policy. To create an
OBEY file, enter these SAFECOM commands:
TACL> safecom/out $system.saef.safevalu
=display as commands on
=info safeguard, detail
The output from these commands is retained in a file named SAFEVALU located in
$SYSTEM.SAFE.
4. Once the new Safeguard version is installed, run the OBEY file SAFEVALU,
created in step 3 in SAFECOM.
If unexpected failures occur, you can restore the files that you backed up in Step 2.
If you do not follow these migration steps and you do not want to accept the new
default attribute values, then once the new version of SAFEGUARD is installed, use
SAFECOM to change the appropriate attribute values.
For more details, see Section 10 of the
Safeguard Administrator's Manual
.
Fallback Considerations
Because of the new password encryption algorithm, fallback requires advance
planning.
In all cases, fall back to the previous version of security software.
If PASSWORD-ENCRYPT is OFF or PASSWORD-ALGORITHM is set to DES, no
extra fallback steps are required.
If PASSWORD-ENCRYPT is HMAC256, extra fallback steps are required. When users
first change their password after HMAC256 is enabled, they must remember their
immediate previous password. This is especially important for the system
administrator. After installing the previous version of Safeguard and Standard Security:
1. Before starting Safeguard, the system administrator must log in with the old
password. The old password is the one used before the algorithm was changed to
HMAC256.
2. Start Safeguard.
3. The system administrator must set a grace period for users to change their expired
passwords.
4. Users are prompted to change their password when logging into the system if:
Note. When migrating to the enhanced password feature, if you do not follow the preceding
migration steps or if you do not want to accept the new password configuration default values,
use SAFECOM to modify the appropriate attributes after the new version is installed.