topic default passwd settings on "non trusted" system in Operating System - HP-UX

default passwd settings on "non trusted" system

Paul Ettema — Wed, 21 Oct 2009 07:58:46 GMT

We have a "non trusted" hp-ux 11i system
and I want to know:
What the default security settings are.

There is a directory /etc/default/ but no file "security"

Paul.

Re: default passwd settings on "non trusted" system

Sunny Jaisinghani — Wed, 21 Oct 2009 09:37:03 GMT

copy the file from some other server and change the variables as per your need

Re: default passwd settings on "non trusted" system

Sunny Jaisinghani — Wed, 21 Oct 2009 09:53:26 GMT

IF your server is non trusted then some security features from /etc/default/security won't work as those features depend on the tcb database.

Which security features are you lookig for???

Re: default passwd settings on "non trusted" system

Paul Ettema — Wed, 21 Oct 2009 09:57:35 GMT

Hi Sunny,

like: min/max password length

Re: default passwd settings on "non trusted" system

R.K. # — Wed, 21 Oct 2009 10:02:11 GMT

Hi Paul..

Password length is governed by "/etc/default/security" file.

Inside that file you will find:

MIN_PASSWORD_LENGTH
This parameter controls the minimum length of new passwords. It is not applicable to the root user on an untrusted system.

MIN_PASSWORD_LENGTH=N New passwords must contain at least N characters. For untrusted systems N can be any value from 6 to 8. For trusted systems N can be any value from 6 to 80.

Hope this helps..

Re: default passwd settings on "non trusted" system

R.K. # — Wed, 21 Oct 2009 10:03:28 GMT

Hi Again,

Try using sam for this:
SAM -> Auditing and Security -> System Security Policies -> Password Format policies -> maximum password length

Regds..

Re: default passwd settings on "non trusted" system

Hakki Aydin Ucar — Wed, 21 Oct 2009 10:39:10 GMT

>RK :MIN_PASSWORD_LENGTH

it is good for Trusted Systems not untrusted systems.

Re: default passwd settings on "non trusted" system

Hakki Aydin Ucar — Wed, 21 Oct 2009 10:45:10 GMT

Correction for my answer to RK:

/etc/default/security will give the only parameter for non-trusted systems:

MIN_PASSWORD_LENGTH=N New passwords must contain at least N characters. For non-trusted systems N can be any value from 6 to 8, while can be any value from 6 to 80 for Trusted system.

Re: default passwd settings on "non trusted" system

Ganesan R — Wed, 21 Oct 2009 11:19:27 GMT

Hi Paul,

There won't be any security settings implied to the users if the systems is not trused or /etc/default/security files doesn't exist.

You can copy or create security file by your own. To know more about the parameters in security file and it's explanations, read the man page or go here..

http://docs.hp.com/en/B2355-60127/security.4.html

Re: default passwd settings on "non trusted" system

Paul Ettema — Thu, 22 Oct 2009 10:12:10 GMT

@(1) R.K.#
no file "/etc/default/security"

@(2) R.K.#
Then I got dthe message "You need to convert to a Trusted System before proceeding. ..."

@(1) Hakki Aydin
I have "non trusted"

@(2) Hakki Aydin
Where is it defined on "non trusted"? I don't have "/etc/default/security"

Re: default passwd settings on "non trusted" system

F Verschuren — Thu, 22 Oct 2009 10:28:50 GMT

if you do not have the file,
the max passwd is 8 (you can use more caracters, but you will see that when entering the passwd the firat 8 are enauf to login.. so if somebody is thinking he has a 9 caracter passwd when youing to trusted mode ore when setting the max om 9 his passwd wil nologer work (unless he is only typing the first 8)

there is no other limitation to the passwd that are used

ps some passwd settings like max passwd age that can be set in the /etc/passwd file. if this options are used you encripted passwd fielt in the /etc/passwd is getting longer, for more info man passwd.

Alsow it is poseble to gain a shadow file, please check if you have one (this will change my anwser)

Re: default passwd settings on "non trusted" system

Paul Ettema — Wed, 04 Nov 2009 07:45:54 GMT

Thanks all for input.
it is clear for me now (and for auditor)

Paul.