Contact Us Contact Us

HP-UX Password Hash Infrastructure for HP-UX 11i v3

  Software Depot
Electronic download
Frequently asked questions
Product details and specifications

HP-UX Password Hash Infrastructure for HP-UX 11i v3 (PHI11i3) enhances the security on HP-UX 11i version 3. HP-UX PHI11i3 provides a new, SHA512-based algorithm for user password hashes as an alternative to the traditional, DES-based password hash algorithm. HP-UX PHI11i3 is only available on systems with shadowed passwords.

Features and Benefits

HP-UX PHI11i3 provides the following benefits to HP-UX systems with shadowed passwords:

  • Strong hashing for user passwords stored in /etc/shadow
    HP-UX PHI11i3 provides system administrators with the option of using a new, SHA512-based password hash algorithm in place of the older, DES-based password algorithm.
  • Co-existence between DES-based and SHA512-based passwords
    HP-UX PHI11i3 allows successful authentication with and management of passwords which are hashed using different algorithms. In the /etc/shadow file some users' passwords can be hashed with the DES-based algorithm, while other users' passwords may be hashed with the new SHA512-based algorithm.
  • Migration from one password hash algorithm to another
    HP-UX PHI11i3 allows a convenient method of gradual and seamless migration of password hashes from one algorithm to another.
  • Cross-vendor compatibility
    Hashes from the new algorithm are prefixed with $6$. This allows password hashes to be used across different vendor systems, provided that the other vendors have also implemented the same algorithm.

Requirements and Restrictions:

HP-UX PHI11i3 has the following requirements and restrictions:

  • Requires HP-UX 11i version 3.
  • Can be installed only on systems with shadowed passwords (that is, with passwords stored in the /etc/shadow file).
  • Supported with files, but is not supported with other nameserver switch backends, such as NIS. To configure your system to use only files, ensure that the passwd: line in /etc/nsswitch.conf contains only files.
  • To use HP-UX PHI11i3 with SSH, you must install HP-UX Secure Shell A.05.00.26 or later from Software Depot, . Also, you must set "UsePAM yes" in /etc/opt/ssh/sshd_config .
  • To use the pcnfsd commands with HP-UX PHI11i3, you must install ONCplus B.11.31.02 from Software Depot, .
  • Some third party applications may assume that password hashes are DES-based only. These applications would not function correctly with HP-UX PHI11i3.
Additional product information
Product #: PHI11i3
Version: B.11.31.02
Software specification: HP-UX 11i v3(PHI11i3_B.11.31.02.depot)