https://community.hpe.com/t5/operating-system-hp-ux/user-password-security/m-p/4360298#M346054 It is trusted mode server, so it means i don't even need to modify the security file at all, right?<BR /><BR />thanks<BR />Leah Tue, 17 Feb 2009 18:53:46 GMT Leah Chow 2009-02-17T18:53:46Z https://community.hpe.com/t5/operating-system-hp-ux/user-password-security/m-p/4360296#M346052 I have a new HP Integrity RX6600 server, I need to create users to use some applications. I modified the /etc/default/security file to define some password policy:<BR /><BR /><BR /># Password history depth<BR /> PASSWORD_HISTORY_DEPTH=5<BR /><BR /># Optional restrictions for new passwords<BR /># PASSWORD_MIN_UPPER_CASE_CHARS=0<BR /> PASSWORD_MIN_LOWER_CASE_CHARS=1<BR /> PASSWORD_MIN_DIGIT_CHARS=1<BR /># PASSWORD_MIN_SPECIAL_CHARS=2<BR /><BR /># Standard and Shadow modes only: number<BR /># of days that passwords are valid<BR /># PASSWORD_MAXDAYS=175<BR /> PASSWORD_MINDAYS=90<BR /><BR /><BR />When i use smh or sam to create user account, i click on 'Modify users security policies', then 'password aging policies' , it has default (enabled) function, something like this:<BR /><BR />time between password changes (days): 0<BR />password expiration time (days): 182<BR />Password Expiration warning time (days): 7<BR />password Life time (days): 196<BR /><BR />I gave each user a temperaory password, so i need to click on <BR /><BR />password age status:<BR /><BR />expire password immediately<BR /><BR />to expire password as soon as the user log on.<BR /><BR />My question is which policy will system follow? the security file or the sam?<BR /><BR />thanks for your help<BR />Leah Tue, 17 Feb 2009 14:31:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-password-security/m-p/4360296#M346052 Leah Chow 2009-02-17T14:31:54Z https://community.hpe.com/t5/operating-system-hp-ux/user-password-security/m-p/4360297#M346053 Hi,<BR /><BR />If you have converted the system to trusted mode then the global security policies you define on SAM will be applicable to all the users. You can also define user level security policies in trusted configuration by selecting individual users.<BR /><BR />/etc/default/security policies will be applicable to non-trusted systems. Tue, 17 Feb 2009 14:43:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-password-security/m-p/4360297#M346053 Ganesan R 2009-02-17T14:43:31Z https://community.hpe.com/t5/operating-system-hp-ux/user-password-security/m-p/4360298#M346054 It is trusted mode server, so it means i don't even need to modify the security file at all, right?<BR /><BR />thanks<BR />Leah Tue, 17 Feb 2009 18:53:46 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-password-security/m-p/4360298#M346054 Leah Chow 2009-02-17T18:53:46Z https://community.hpe.com/t5/operating-system-hp-ux/user-password-security/m-p/4360299#M346055 &gt;&gt;&gt;It is trusted mode server, so it means i don't even need to modify the security file at all, right?&lt;&lt;&lt;<BR /><BR />Not really...There are many parameters you can set in security file which cannot be set on trusted configurations. Like Password history depth,<BR />Number of logins allowed per user, How to behave when user home dir is missing, Password min upper/lower/special characters,<BR />ignorance of /etc/nologin file, etc.<BR /><BR />security file will be referred even after the system is converted to trusted. It provides extended security features.<BR /><BR />Have a look at the security manual, it describes for each option if it applies for trusted systems.<BR /><BR /><A href="http://docs.hp.com/en/B3921-60631/security.4.html" target="_blank">http://docs.hp.com/en/B3921-60631/security.4.html</A><BR /><BR /> Wed, 18 Feb 2009 11:02:08 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-password-security/m-p/4360299#M346055 Ganesan R 2009-02-18T11:02:08Z