HPlogo HP Security Monitor/iX Manager's Guide: HP 3000 MPE/iX Computer Systems > Chapter 3 Managing System Users with Passwords and Logon Restrictons

Encrypting Passwords
» 

Technical documentation

Complete book in PDF
» Feedback

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

To enable password encryption, select Option 1 in the Global Security Options Menu. With the feature enabled, new passwords are automatically encrypted the first time they are entered in the system. This applies to all passwords: account, group, and user. Device passwords are always encrypted, whether encryption is enabled or not.

Discussion

With password encryption turned on, a new password is automatically encrypted before it is stored in the system directory. In that way, only the person entering the password ever sees its unencrypted form.

The encryption facility is strictly one way. Even if you know the encryption algorithm, you cannot reconstruct a password in plain language from its encrypted version.

NOTE: The MPE/iX commands that display passwords (:LISTUSER, :LISTGROUP, and :LISTACCT) will not display passwords when they are in encrypted form.

MPE/iX lets you gradually convert from unencrypted to encrypted passwords by allowing both to exist side by side. The system keeps track of which passwords are encrypted and which are not. Users do not see a difference between using an encrypted or unencrypted password. As new passwords are added or old ones changed, the system encrypts them automatically.

Effects of Password Encryption

Password encryption may produce the following effects:

  • Some job scheduler programs that obtain passwords directly from the directory will not work when passwords are encrypted.

  • Any utility that gets passwords from the directory will not function properly if passwords are encrypted.

  • Since encrypted passwords are not compatible with MPE releases prior to 5.0, you will have to remove them in order to move back to a previous release. The HP Security Monitor provides a reset facility that will remove all encrypted passwords on a system.

  • When the System Manager turns on password encryption, existing passwords are not automatically encrypted. Turning password encryption on means that the next time a password is created or changed, it will be stored in an encrypted form.

  • When using the STORE/RESTORE facility to backup a directory that has an associated encrypted password, only systems which are using 5.0 or later releases will retain the password information. If the backup restores to a earlier release, the Security Monitor information will not be restored and the PASSWORD field will be left blank.



Password Aging
  		 


Enforcing Minimum Password Lengths  
Feedback to webmaster