https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513366#M218612 Nope, no reboot necessary. Existing user sessions are untouched, new users can login with no visible differences except they will now see when they last logged in successfully and when they last failed to login successfully. Tue, 29 Mar 2005 10:42:55 GMT Bill Hassell 2005-03-29T10:42:55Z https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513356#M218602 All,<BR /><BR />HPUX 11i<BR /><BR />I am trying to setup the Password_history_depth so that users will be prevented from re-using the previous 6 password.<BR /><BR />I have added the file /etc/default/security and included the line: PASSWORD_HISTORY_DEPTH=6 in it and it is readable by everyone.<BR /><BR />However, I have experimented on my test server with one user account and it did not remember the previous password, therefore I do not believe it is working as expected.<BR /><BR />Did I miss something?<BR /><BR />Thanks Tue, 29 Mar 2005 08:03:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513356#M218602 Nick D'Angelo 2005-03-29T08:03:32Z https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513357#M218603 Nick,<BR /><BR />According to the man page, this feature "is supported in trusted system for users in files repository only. This feature does not support the users in NIS or NISPLUS repositories."<BR /><BR />Are you on a trusted, non-NIS system?<BR /><BR /><BR />Pete Tue, 29 Mar 2005 08:08:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513357#M218603 Pete Randall 2005-03-29T08:08:12Z https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513358#M218604 Thanks, NO NIS or NISplus is being used.<BR /> Tue, 29 Mar 2005 08:09:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513358#M218604 Nick D'Angelo 2005-03-29T08:09:43Z https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513359#M218605 Hi<BR /><BR />This feature works only in trusted mode, you can change the system a test system to trusted mode and see if that works out for you.<BR /><BR />Rgds<BR /><BR />HGN Tue, 29 Mar 2005 08:39:23 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513359#M218605 HGN 2005-03-29T08:39:23Z https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513360#M218606 The password history for each user is stored in /tcb/files/auth, so if you don't have this directory, your system is not Trusted and virtually none of the password controls mentioned in the security man page will work. Tue, 29 Mar 2005 09:50:19 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513360#M218606 Bill Hassell 2005-03-29T09:50:19Z https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513361#M218607 Hi,<BR /><BR />Please see man page of security. It says " The pasword history depth configuration is on a system basis and is supported in tructed system for users in files repository only"<BR /><BR />So this can be possible in trusted mode only and If you are using files then only. It does not support NIS<BR /><BR />Sunil Tue, 29 Mar 2005 09:51:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513361#M218607 Sunil Sharma_1 2005-03-29T09:51:09Z https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513362#M218608 Thank you all.<BR /><BR />Bill H - question<BR /><BR />What if I don't have a /tcb/files/auth etc directory? Can I just create one?<BR /> Tue, 29 Mar 2005 10:29:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513362#M218608 Nick D'Angelo 2005-03-29T10:29:15Z https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513363#M218609 You'll need to convert your system to trusted, either by going through SAM (recommended) or running tsconvert.<BR /><BR /><BR />Pete Tue, 29 Mar 2005 10:31:26 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513363#M218609 Pete Randall 2005-03-29T10:31:26Z https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513364#M218610 Nope. /tcb is the Trusted Computing Base directory and is meaningless without the Trusted conversion. Go into SAM and select Auditing and Security. You'll be asked to convert to Trusted. NOTE: is you use tsconvert (which is hidden in /usr/lbin) all the passwords will be expired immediately. SAM will enable all the logins. Note also that if anyone user on your system (including root) has a password more than 8 characters, during the conversion the password will be honored only when 8 characters are entered. If you enter more, it will be rejected. This is because your un-trusted system silently ignored the extra characters.<BR /> <BR />Once converted to Trusted (takes a minute or so), SAM will now have additional features including system-wide security policies including password history. Tue, 29 Mar 2005 10:40:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513364#M218610 Bill Hassell 2005-03-29T10:40:39Z https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513365#M218611 Peter, thank you.<BR /><BR />Will it require a reboot? Tue, 29 Mar 2005 10:41:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513365#M218611 Nick D'Angelo 2005-03-29T10:41:03Z https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513366#M218612 Nope, no reboot necessary. Existing user sessions are untouched, new users can login with no visible differences except they will now see when they last logged in successfully and when they last failed to login successfully. Tue, 29 Mar 2005 10:42:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513366#M218612 Bill Hassell 2005-03-29T10:42:55Z https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513367#M218613 Hmm, it errored with a -1 while trying to configure this on my test server using SAM.<BR />This was the error:<BR /><BR />he attempt to convert this system to a trusted system failed. The x x <BR />x [x command return value was "-1" and the standard error output was: x x <BR />x x Can't write protected database; x x <BR />x [x password file unchanged. <BR /><BR />?? Tue, 29 Mar 2005 11:11:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513367#M218613 Nick D'Angelo 2005-03-29T11:11:52Z https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513368#M218614 Sorry All, I was a little too quick to post my error.<BR /><BR />I found a user account in /etc/password that had a # as its first character. Once I removed this, and re-ran Sam - it converted to a trusted host no problem.<BR /><BR />THanks anyhow. Tue, 29 Mar 2005 11:16:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513368#M218614 Nick D'Angelo 2005-03-29T11:16:15Z https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513369#M218615 Are you running short of space in your / file system? Run a bdf and check.<BR /><BR /><BR />Pete Tue, 29 Mar 2005 11:17:10 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-history-depth/m-p/3513369#M218615 Pete Randall 2005-03-29T11:17:10Z