HPE Community
Operating System - HP-UX
1760558 Members
2866 Online
108894 Solutions
New Discussion юеВ

Re: Password Depth in Trusted Systems

 
SOLVED
Go to solution
Ryan B
Frequent Advisor

тАО07-24-2002 10:51 AM

тАО07-24-2002 10:51 AM

Password Depth in Trusted Systems

I am running 11.00 and Trusted Systems

I am setting PASSWORD_HISTORY_DEPTH=10 and from other things I read, it appears it's system wide, but is there a way to exclude specific users from this history depth on a given box when the depth is set?

Thanks in advance for the help!
0 Kudos
Reply
5 REPLIES 5
doug hosking
Esteemed Contributor

тАО07-25-2002 02:08 AM

тАО07-25-2002 02:08 AM

Re: Password Depth in Trusted Systems

Sorry, but there is no (sane) way to do that.
To bypass it you would have to temporarily
alter/rename /etc/default/security or remove
the corresponding history file for the
user(s) you want to exempt.
0 Kudos
Reply
Stefan Farrelly
Honored Contributor

тАО07-25-2002 02:17 AM

тАО07-25-2002 02:17 AM

Re: Password Depth in Trusted Systems


It says it clearly in the man page - once this feature is set it applies to ALL users.
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
James Beamish-White
Trusted Contributor

тАО07-25-2002 03:11 AM

тАО07-25-2002 03:11 AM

Re: Password Depth in Trusted Systems

From the manual - "Once the feature is enabled, all the users on the system are subject to the same check."

If you want to achieve this, you may have to reseach HP's implementation of C2 security, figure out where the password history is held, and edit it as root to remove 'old' passwords.

Cheers,
James
GARDENOFEDEN> create light
0 Kudos
Reply
James Beamish-White
Trusted Contributor

тАО07-25-2002 03:13 AM

тАО07-25-2002 03:13 AM

Solution

Re: Password Depth in Trusted Systems

Try looking in /tcb/files/auth/system/pwhist

Cheers,
James
GARDENOFEDEN> create light
Reply
Ryan B
Frequent Advisor

тАО07-25-2002 09:51 AM

тАО07-25-2002 09:51 AM

Re: Password Depth in Trusted Systems

Thanks to everyone who replied. I understand the man page/ documentation, but sometimes when you have a test box you have to try things. Anyway, the pwhist dir contains the files for each user and actually removing one the one for the user you want clears the history. I know this may not be recommended and I am not sure if there are other consequences, but it's a test box and it works. Now to determine if we want to roll the dice...

Thanks
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.