HPE Community
Operating System - HP-UX
1753792 Members
7500 Online
108799 Solutions
New Discussion юеВ

Password length and other restrictions

 
SOLVED
Go to solution
Nellian Solaiappan
Frequent Advisor

тАО03-29-2005 09:42 AM

тАО03-29-2005 09:42 AM

Password length and other restrictions

Hi All
Im running HP UX 11.0 and I want to set minimum password length and force atleast 1 Upper case and 1 numeric or special character in the password. Can i do this by setting the /etc/security file?
PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_MIN_LENGTH=8

Will this work for HP UX 11.0?

Regards
Nell

0 Kudos
9 REPLIES 9
Uday_S_Ankolekar
Honored Contributor

тАО03-29-2005 09:51 AM

тАО03-29-2005 09:51 AM

Re: Password length and other restrictions

If you convert your system to "Trusted" these all features gets enabled. Look in SAM for security features.

-USA..
Good Luck..
0 Kudos
Rick Garland
Honored Contributor

тАО03-29-2005 09:59 AM

тАО03-29-2005 09:59 AM

Re: Password length and other restrictions

You could do this in the /etc/security file without having to go trusted.

Note:
Be careful with the passwd length. Some apps still do not take passwds over 8 characters.
0 Kudos
A. Clay Stephenson
Acclaimed Contributor

тАО03-29-2005 10:01 AM

тАО03-29-2005 10:01 AM

Re: Password length and other restrictions

While these features are all available under 11.11 Trusted systems, I think the only one supported under 11.0 in the minimum length. 11.0 also has an "Enforce Rules" restriction option that essentially ran the password through spell and if found rejected the password. I don't have an 11.0 box handy to check this but what does a man 4 security on an 11.0 box do. I suspect there is no man page and thus the options are not available.
If it ain't broke, I can fix that.
0 Kudos
Joseph Loo
Honored Contributor

тАО03-29-2005 10:20 AM

тАО03-29-2005 10:20 AM

Re: Password length and other restrictions

hi,

a few questions first:

1) is the system trusted?
2) what is the current patch level for "libpam and libpam_unix"? do this to check:

# swlist -l fileset|grep libpam

regards.
what you do not see does not mean you should not believe
0 Kudos
Nellian Solaiappan
Frequent Advisor

тАО03-29-2005 10:25 AM

тАО03-29-2005 10:25 AM

Re: Password length and other restrictions

This is the current Patch level for libpam

# PHCO_26089 1.0 libpam and libpam_unix cumulative patch

Regards
Nell
0 Kudos
Joseph Loo
Honored Contributor

тАО03-29-2005 10:34 AM

тАО03-29-2005 10:34 AM

Solution

Re: Password length and other restrictions

hi,

based on that patch u should be able to do the setting as follow based on the patch notes taken from PHCO_24390 :

In addition to the standard password requirements, optional entries in the file /etc/default/security specify the minimum number of required characters of each type (upper case characters, lower case characters, digits and special characters) in a new password.

PASSWORD_MIN_UPPER_CASE_CHARS=N
PASSWORD_MIN_LOWER_CASE_CHARS=N
PASSWORD_MIN_DIGIT_CHARS=N
PASSWORD_MIN_SPECIAL_CHARS=N

The default value for N is 0. These parameters have effect only when a password is changed. On untrusted systems, these parameters do not apply to the root user.

The file /etc/default/security should be owned by root and have 0644 permissions.

As an example, to require passwords at least 8 characters long, composed of at least 5 upper case characters, 2 lower case characters and a digit, include the following lines in /etc/default/security, as specified above:

PASSWORD_MIN_UPPER_CASE_CHARS=5
PASSWORD_MIN_LOWER_CASE_CHARS=2
PASSWORD_MIN_DIGIT_CHARS=1


regards.
what you do not see does not mean you should not believe
0 Kudos
Nellian Solaiappan
Frequent Advisor

тАО03-29-2005 10:39 AM

тАО03-29-2005 10:39 AM

Re: Password length and other restrictions

Can anyone give me the list of all that can be set up in the etc/default/security file?

Regards
Nell
0 Kudos
Joseph Loo
Honored Contributor

тАО03-29-2005 10:59 AM

тАО03-29-2005 10:59 AM

Re: Password length and other restrictions

hi,

refer to this doc unless u can do "man 4 security":

http://docs.hp.com/en/B2355-60103/security.4.html

regards.
what you do not see does not mean you should not believe
0 Kudos
Nellian Solaiappan
Frequent Advisor

тАО03-29-2005 11:04 AM

тАО03-29-2005 11:04 AM

Re: Password length and other restrictions

Thanks Joseph!
I was able to set up my server :)

Regards
Nell
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.