https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841969#M273451 My apologies, this is actually a trusted system. I downloaded most of the 10.x documentation, and now understand the /tcb/files/auth structure Mon, 14 Aug 2006 08:35:12 GMT Dirk Moolman 2006-08-14T08:35:12Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841953#M273435 I also have another question regarding passwords on my version B10:20.<BR /><BR />Some of my accounts have short passwords (5 characters, alphabetic only. When I try to change the passwords, I am not allowed to use 5 characters any longer. How can I force the use of 5 characters - how did the previous admin do this ?<BR /><BR />Dirk Fri, 11 Aug 2006 10:27:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841953#M273435 Dirk Moolman 2006-08-11T10:27:12Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841954#M273436 The root use can make the password change and use any length he wants.<BR /><BR /><BR />Pete Fri, 11 Aug 2006 10:31:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841954#M273436 Pete Randall 2006-08-11T10:31:37Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841955#M273437 Dirk,<BR /><BR />why not just go with a bit more system security and use 8 alphanumeric and numeric numbers? Seems anymore, you can't make a system secure enough. Is this system running in trusted mode?<BR /><BR />Andy Fri, 11 Aug 2006 10:34:16 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841955#M273437 AndyMueller 2006-08-11T10:34:16Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841956#M273438 I am logging in as root, but I am still not allowed to create 5 character passwords, which is strange to me.<BR /><BR />I do not want to give away too much detail about my system, for security reasons, but we have cases unfortunately where we need the 5 char passwords.<BR /><BR />I also do not know if the system is trusted or not. I had a look under /tcb, but I don't know what to look for, and cannot tell if the system is trusted or not. Fri, 11 Aug 2006 10:41:58 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841956#M273438 Dirk Moolman 2006-08-11T10:41:58Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841957#M273439 run: /usr/lbin/getprpw <LOGINID> and it will tell you if the system is trusted or not.</LOGINID> Fri, 11 Aug 2006 10:49:17 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841957#M273439 AndyMueller 2006-08-11T10:49:17Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841958#M273440 Nope, mine is not - thanks Fri, 11 Aug 2006 10:52:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841958#M273440 Dirk Moolman 2006-08-11T10:52:25Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841959#M273441 Dirk, man passwd, your answer might be with MIN_PASSWORD_LENGTH variable<BR /><BR />On an untrusted system, only the first eight characters of a password are significant.<BR /><BR /> + On an untrusted system, passwords of non-root users must have at<BR />least six characters. On a trusted system, passwords of all users must have at least six characters. This restriction on the<BR />password length can be increased to a value larger than six. Refer to the security(4) manual page for detailed information on<BR />configurable parameters that affect the behavior of this command.<BR />The parameter to select the minimum password length is MIN_PASSWORD_LENGTH<BR /> Fri, 11 Aug 2006 10:57:38 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841959#M273441 AndyMueller 2006-08-11T10:57:38Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841960#M273442 My apologies for asking so many questions, I just have a lot to do in a very short time (work overload) - <BR /><BR />the man page says:<BR />"The minimum password length depends on several parameters that the system administrator sets in the authentication databases."<BR /><BR />Where can I read more about the authentication of passwords, and the authentication databases ? Fri, 11 Aug 2006 11:09:53 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841960#M273442 Dirk Moolman 2006-08-11T11:09:53Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841961#M273443 PS. I do not have any system administration documentation - is there a URL where I can download pdf versions of the HP manuals ?<BR /><BR />Any help appreciated Fri, 11 Aug 2006 11:12:33 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841961#M273443 Dirk Moolman 2006-08-11T11:12:33Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841962#M273444 In a non-trusted system, the only "authentication database" that I'm aware of is /etc/default/security. Check there for MIN_PASSWORD_LENGTH and do a man on security.<BR /><BR /><BR />Pete Fri, 11 Aug 2006 11:13:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841962#M273444 Pete Randall 2006-08-11T11:13:35Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841963#M273445 Dirk,<BR /><BR />try a : man security<BR />somewhere there appears to be a place where you can set the password lenght, I'm just not sure where.<BR />/etc/default/security maybe? Fri, 11 Aug 2006 11:13:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841963#M273445 AndyMueller 2006-08-11T11:13:37Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841964#M273446 Dirk,<BR /><BR />For documentation:<BR /><BR /><A href="http://docs.hp.com/" target="_blank">http://docs.hp.com/</A><BR /><BR />For HP-UX 10.20 specific docs:<BR /><BR /><A href="http://docs.hp.com/en/oshpux10.x.html" target="_blank">http://docs.hp.com/en/oshpux10.x.html</A><BR /><BR />A lot of the docs are available in either HTML or PDF format. Fri, 11 Aug 2006 11:24:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841964#M273446 Patrick Wallek 2006-08-11T11:24:18Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841965#M273447 Hi Dirk,<BR /><BR />Like Pete said. use the /etc/default/security file.<BR />PASSWORD_MIN_UPPER_CASE_CHARS=2<BR />PASSWORD_MIN_LOWER_CASE_CHARS=2<BR />PASSWORD_MIN_DIGIT_CHARS=2<BR />PASSWORD_MIN_SPECIAL_CHARS=2<BR />PASSWORD_HISTORY_DEPTH=10<BR />MIN_PASSWORD_LENGTH=9<BR /><BR />sp, Fri, 11 Aug 2006 17:10:42 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841965#M273447 Sp4admin 2006-08-11T17:10:42Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841966#M273448 All the manuals for HP-UX are located at:<BR /> <BR />docs.hp.com<BR /> <BR />NOTE: version 10.20 has been obsolete and unsupported since 2001 so many of the manuals will have details that do not apply to your old software. The /etc/default/security file will have no effect at all unless you have applied all the security patches for 10.20. Now your system is trusted IF there is a /tcb directory -- if not, then you have a standard system. Root should be able to change any user's password to 5 characters -- the previous admin may have created a script that uses usermod.sam or something similar. What error message do you get when you type:<BR /><BR />passwd userlogin<BR /> <BR />Also, does your site use an NIS server for centralized passwords? Fri, 11 Aug 2006 18:37:30 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841966#M273448 Bill Hassell 2006-08-11T18:37:30Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841967#M273449 The submitter indicated that the systems were running 10.20. /etc/default/security did not exist until after 11.00 shipped. (It was first created in the August, 1998 release of 11.00 to control variables related to the password history mechanism.) I don't believe those changes were ever backported to 10.20 systems, though 10.20 has been out of support for so long that it's mostly irrelevant now.<BR /><BR />Generally speaking, the design philosophy has been to not force restrictions like this upon superusers, since they could always bypass them by using vi directly on the passwd file or other configuration files, and are more likely to break something by doing so. Fri, 11 Aug 2006 19:22:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841967#M273449 doug hosking 2006-08-11T19:22:12Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841968#M273450 Thank you everyone for the replies, I do appreciate it.<BR />I also assumed that this was an old version of HP, when I read the man pages which were very limited.<BR /><BR />I will download the documentation, and read up about this version a bit. And I think Doug is right - I do not have the file /etc/default/security on this system.<BR /><BR />Thanks again<BR /> Mon, 14 Aug 2006 02:57:16 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841968#M273450 Dirk Moolman 2006-08-14T02:57:16Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841969#M273451 My apologies, this is actually a trusted system. I downloaded most of the 10.x documentation, and now understand the /tcb/files/auth structure Mon, 14 Aug 2006 08:35:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841969#M273451 Dirk Moolman 2006-08-14T08:35:12Z https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841970#M273452 Info I found (also not available on my version):<BR /><BR />o MIN_PASSWORD_LENGTH <BR />(introduced in 11.00 via PHCO_24390) Mon, 14 Aug 2006 10:03:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length/m-p/3841970#M273452 Dirk Moolman 2006-08-14T10:03:18Z