topic Re: Minimum Password Length in Operating System - HP-UX

Minimum Password Length

Donald Osbourne — Fri, 26 Oct 2007 14:31:22 GMT

Hi Folks,

I'm running trusted HP/UX 11.0 & 11.11, and trying to change the minimum security length from 6 to 8 for all users, except root, using the /etc/default/security config.

The "MIN_PASSWORD_LENGTH=8" appears to govern all users, without exemption for the root user.

Can the default minimum be changed from 6 to 8 in the trusted environment, with exemption for root?

Thanks,

Don

Re: Minimum Password Length

A. Clay Stephenson — Fri, 26 Oct 2007 14:44:40 GMT

While the maximum password length can be specified at the individual user level (to override) the default, the minimum length is global. However, a small backdoor exists which does allow you to out-bushwhack the minimum password length requirement. Rather than executing "passwd root" (which is almost certainly /usr/bin/passwd), execute "/sbin/passwd root". The version in /sbin is a stripped down version and does very little checking. History nor minimum password length is enfornced.

Re: Minimum Password Length

Donald Osbourne — Fri, 26 Oct 2007 14:53:46 GMT

Clay,

Thnak you very much. It works like a charm.

Re: Minimum Password Length

Rick Krul — Fri, 16 Nov 2007 12:52:45 GMT

On a similar note, can the option of password differing by 3 positions to 2? The Windows side of the house has AD set to this and users are complaining on the HPUX side of the 3 character difference requirement. I haven't seen a setting in security that addresses this.

Re: Minimum Password Length

Rick Krul — Fri, 16 Nov 2007 12:53:55 GMT

I am running a non-trusted system, but am using password_depth setting (=5).

Thank you to anyone who can help.