1748093 Members
5968 Online
108758 Solutions
New Discussion

Password minimum length

 
gia_maria
Frequent Visitor

Password minimum length

Hi, Users,

I've a problem in HP-UX 10.20 with the user's password.

The user should have the password from the 4th symbols, but the system writes "too short, minimum 6 symbols".  There is /tcb/files/auth/ a file with parameters of this password, but the variable which is responsible for the minimum length isn't present. Where there is this value?

 

Thanks for advanse!

4 REPLIES 4
Matti_Kurkela
Honored Contributor

Re: Password minimum length

If either the user-specific file in /tcb/files/auth or the system-wide defaults file /tcb/files/auth/system/default contains :u_restrict:, then the password triviality check is in effect. This may cause very short passwords to be rejected even if minimum length is not explicitly set.

 

If the /etc/default/security file exists and has the "MIN_PASSWORD_LENGTH=6" uncommented, the password is explicitly required to have at least 6 characters.

 

MK
gia_maria
Frequent Visitor

Re: Password minimum length

Thanks, Matti

 

Yes, file /tcb/files/auth/system/default contains parametr :u_restrict@, but /etc/default/security file not exists.

Сan I remove parameter u_restrict@ or deactivate it to have the password from 4th symbols?

Matti_Kurkela
Honored Contributor

Re: Password minimum length

:u_restrict@: actually means "no u_restrict". So the password restriction rules should be disabled system-wide.

(See "man 4 prpwd" for the keywords, and "man 4 authcap" for the general syntax.)

 

Instead of modifying the /tcb/files/auth/* files manually, you should use SAM to modify them.

The "Auditing and Security" section allows you to change the system security policy (e.g. the system-wide settings in /tcb/files/auth/system/default), and the "User and Group Management" section allows you to make exceptions to the system security policy on a per-user basis.

 

When you use SAM to view the per-user security policy, it will automatically display the total effect of the system-wide policy + any per-user exceptions, making it easier to verify that the policy is exactly what you want. It will also protect you from typing mistakes and other syntax errors when modifying the security policy.

 

You might also want to run:

authck -p -v

 to verify that your /etc/passwd and /tcb/files/auth/* files are in agreement and don't contain any typos. If the command reports any errors, use your judgement and fix them as appropriate.

 

MK
gia_maria
Frequent Visitor

Re: Password minimum length

Matti,

the SAM's section don't contain any control for set (reset) the password's minimum length!

A question that control somewhere is and find it I can't!