
Encryption and User Account Passwords

Note This information does not apply to Lightweight Directory Access Protocol (LDAP) or Common Access Card (CAC) accounts.

NNMi user accounts created using the NNMi console are stored in the NNMi database. The passwords for these users are hashed and stored in the database.

When users sign into the NNMi console, or use a command line interface (CLI) tool, the password that they provide is hashed and compared to the hashed value stored in the database. If the user provides the correct password, these two hashed strings match, and the user is authenticated.

Earlier versions of NNMi (9.x) used hashing algorithms for user passwords that are now considered outdated. NNMi now uses a stronger algorithm for user account passwords. However, because a hash is a one-way function, it is not possible to decrypt and then re-hash the stored user passwords during an upgrade from NNMi 9.x to 10.x.

On upgrade, all existing users still have their passwords stored in the database using the legacy algorithm. However, when a user whose password was hashed with the legacy algorithm logs on successfully, the password they provided is automatically re-hashed using the new hash algorithm specified in the crypto configuration files.

This means all passwords are updated to the new algorithm slowly over time, as each user logs in for the first time after upgrade. The same is true if the crypto configuration is changed in the future. User passwords are upgraded to the new hash algorithm on the next successful logon.

  • Upgrading user passwords depends on the presence of the earlier legacy algorithm (for example, MD5) listed in the <allowed> block. Therefore, keep the earlier legacy algorithm listed in the <allowed> block until all passwords have been migrated.

  • Without the earlier legacy algorithm in the <allowed> block, the existing hashed passwords in the database cannot be verified and therefore cannot be re-hashed. As a result, the affected users are not able to log on, and NNMi is not able to re-hash their passwords using the new algorithm.

  • If the earlier legacy algorithm has already been removed from the <allowed> block, the administrator must either delete and recreate the affected users, or reset the passwords of the users whose passwords were hashed with the earlier legacy algorithm.

Use the following command to determine whether a user’s password is hashed with the algorithm listed in the crypto configuration file, or with an earlier legacy algorithm that is no longer specified in the crypto configuration file:

nnmsecurity.ovpl -listUserAccounts legacy

See the nnmsecurity.ovpl reference page, or the Linux manpage, for more information.
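The following is an added illustration of the migrate-on-logon mechanism described above and of the legacy-account check that nnmsecurity.ovpl -listUserAccounts legacy performs. It is not NNMi's code: the record format, the algorithm names (MD5 standing in for the legacy algorithm, PBKDF2-SHA256 standing in for the current one), the UserStore class and the allowed-list representation are all assumptions made for the example. It shows why the legacy algorithm must stay in the allowed list until every user has logged on once: a record whose algorithm is no longer allowed can neither be verified nor re-hashed.

```python
import hashlib
import hmac
import os

# Constructed example: a password store that upgrades legacy hashes on logon.
# Algorithm names, record layout and the allowed-list are assumptions; this is
# not NNMi's implementation or configuration format.
LEGACY_ALG = "md5"              # stands in for the legacy algorithm named in <allowed>
CURRENT_ALG = "pbkdf2_sha256"   # stands in for the current algorithm
PBKDF2_ITERATIONS = 100_000


def hash_password(password, alg, salt=None):
    """Return a record of the form 'alg$salt_hex$digest_hex'."""
    if alg == LEGACY_ALG:
        # Legacy, unsalted digest: present only to demonstrate the migration.
        return f"{LEGACY_ALG}$${hashlib.md5(password.encode()).hexdigest()}"
    if alg == CURRENT_ALG:
        salt = salt if salt is not None else os.urandom(16)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        return f"{CURRENT_ALG}${salt.hex()}${dk.hex()}"
    raise ValueError(f"unsupported algorithm: {alg}")


def verify(password, record, allowed):
    """Check a password against a stored record, honouring the allowed-list."""
    alg, salt_hex, digest_hex = record.split("$")
    if alg not in allowed:
        # The algorithm was removed from <allowed>: the record cannot be checked,
        # so the logon fails and no re-hash can take place.
        return False
    salt = bytes.fromhex(salt_hex) if salt_hex else None
    candidate = hash_password(password, alg, salt).split("$")[2]
    return hmac.compare_digest(candidate, digest_hex)


class UserStore:
    """Minimal user database with upgrade-on-logon of legacy hashes."""

    def __init__(self, allowed, current):
        self.allowed = list(allowed)   # algorithms listed in the <allowed> block
        self.current = current         # algorithm used for new and re-hashed passwords
        self.records = {}              # user name -> stored record

    def add_user(self, name, password, alg=None):
        self.records[name] = hash_password(password, alg or self.current)

    def login(self, name, password):
        record = self.records.get(name)
        if record is None or not verify(password, record, self.allowed):
            return False
        # Successful logon: the clear-text password is available, so a record
        # that still uses a non-current algorithm is re-hashed now.
        if record.split("$")[0] != self.current:
            self.records[name] = hash_password(password, self.current)
        return True

    def list_legacy_accounts(self):
        """Names of users whose stored hash does not use the current algorithm."""
        return sorted(n for n, r in self.records.items()
                      if r.split("$")[0] != self.current)


if __name__ == "__main__":
    store = UserStore(allowed=[LEGACY_ALG, CURRENT_ALG], current=CURRENT_ALG)
    store.add_user("alice", "s3cret", alg=LEGACY_ALG)   # pre-upgrade user
    print("legacy before logon:", store.list_legacy_accounts())
    print("logon ok:", store.login("alice", "s3cret"))
    print("legacy after logon:", store.list_legacy_accounts())
```

Running the store with the legacy algorithm removed from the allowed-list before "alice" has logged on reproduces the failure mode in the bullet list: login() returns False for the correct password and the account stays on the legacy list, leaving only a password reset or recreate as the way forward.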