Contact Us Contact Us

HP-UX Password Hash Infrastructure

  Software Depot
Electronic download
Frequently asked questions
Product details and specifications
Select
Overview

HP-UX Password Hash Infrastructure (PHI) enhances the security on HP-UX 11i version 2. HP-UX PHI provides a new SHA512-based algorithm for user password hashes as an alternative to the traditional, DES-based password hash algorithm. HP-UX PHI is only available on systems with shadowed passwords.

Features and Benefits

HP-UX PHI provides the following benefits to HP-UX systems with shadowed passwords:

  • Strong hashing for user passwords stored in /etc/shadow
    HP-UX PHI provides system administrators with the option of using a new SHA512-based password hash algorithm in place of the older, DES-based password algorithm.
  • Co-existence between DES-based and SHA512-based passwords
    HP-UX PHI allows successful authentication with and management of passwords which are hashed using different algorithms. In the /etc/shadow file some users' passwords can be hashed with the DES-based algorithm, while other users' passwords may be hashed with the new SHA512-based algorithm.
  • Migration from one password hash algorithm to another
    HP-UX PHI allows a convenient method of gradual and seamless migration of password hashes from one algorithm to another.
  • Cross-vendor compatibility
    Hashes from the new algorithm are prefixed with $6$. This allows password hashes to be used across different vendor systems, provided that the other vendors have also implemented the same algorithm.

Requirements and Restrictions:

HP-UX PHI has the following requirements and restrictions:

  • Requires HP-UX 11i version 2, September 2004 or later.
  • Can be installed only on systems with shadowed passwords (that is, with passwords stored in the /etc/shadow file).
  • Supported with files, but is not supported with other nameserver switch backends, such as NIS or NIS+. To configure your system to use only files, ensure that the passwd: line in /etc/nsswitch.conf contains only files.
  • To use HP-UX PHI with SSH, you must install HP-UX Secure Shell A.04.70.004 or later from Software Depot, https://h20392.www2.hpe.com/portal/swdepot/index.dom . Also, you must set "UsePAM yes" in /etc/opt/ssh/sshd_config .
  • Some third party applications may assume that password hashes are DES-based only. These applications would not function correctly with HP-UX PHI.
 
Additional product information
Product #: PHI
Version: B.11.23.01
Software specification: HP-UX 11i v2 September 2004 or later(PHI_B.11.23.01_HP-UX_B.11.23_IA_PA.depot)
Installation
Select