https://community.hpe.com/t5/operating-system-hp-ux/password-complexity-problem/m-p/5032150#M739752 On an HP 11.23 Itanium box I have set some password requirements in /etc/default/security<BR />PASSWORD_MIN_UPPER_CASE_CHARS=1<BR />PASSWORD_MIN_LOWER_CASE_CHARS=2<BR />PASSWORD_MIN_DIGIT_CHARS=1<BR />PASSWORD_MIN_SPECIAL_CHARS=1<BR />MIN_PASSWORD_LENGTH=8<BR /><BR />I have a user who has tried to set his password to Branw:whol01 and this fails the test giving<BR />"The password entered is not valid. Valid passwords must contain... etc."<BR /><BR />This seems to be because the digits are not in the first eight characters. E.g. Bran01w:whol passes.<BR /><BR />Is this a bug? Is there a patch?<BR /><BR />John Kelly Tue, 06 Mar 2007 11:48:06 GMT John Kelly_3 2007-03-06T11:48:06Z https://community.hpe.com/t5/operating-system-hp-ux/password-complexity-problem/m-p/5032150#M739752 On an HP 11.23 Itanium box I have set some password requirements in /etc/default/security<BR />PASSWORD_MIN_UPPER_CASE_CHARS=1<BR />PASSWORD_MIN_LOWER_CASE_CHARS=2<BR />PASSWORD_MIN_DIGIT_CHARS=1<BR />PASSWORD_MIN_SPECIAL_CHARS=1<BR />MIN_PASSWORD_LENGTH=8<BR /><BR />I have a user who has tried to set his password to Branw:whol01 and this fails the test giving<BR />"The password entered is not valid. Valid passwords must contain... etc."<BR /><BR />This seems to be because the digits are not in the first eight characters. E.g. Bran01w:whol passes.<BR /><BR />Is this a bug? Is there a patch?<BR /><BR />John Kelly Tue, 06 Mar 2007 11:48:06 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-complexity-problem/m-p/5032150#M739752 John Kelly_3 2007-03-06T11:48:06Z https://community.hpe.com/t5/operating-system-hp-ux/password-complexity-problem/m-p/5032151#M739753 It depends upon whether you are running trusted or standard passwords. With standard passwords only the first 8 characters of the plaintext password are significant and you would be wise to observe this convention because then you have passwords that are usable across all flavours of UNIX. If you are rnning a trusted system then you can enable longer passwords and the bigcrypt() function is used to encode the password hashes as opposed to the stanard UNIX crypt() function.<BR /><BR />Man security and pwpwd for details. Tue, 06 Mar 2007 11:55:10 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-complexity-problem/m-p/5032151#M739753 A. Clay Stephenson 2007-03-06T11:55:10Z https://community.hpe.com/t5/operating-system-hp-ux/password-complexity-problem/m-p/5032152#M739754 Thanks Clay. It isn't Trusted at the moment but it would seem to make sense to do so with this issue confusing the users.<BR /><BR />Thanks<BR /><BR />John Tue, 06 Mar 2007 11:58:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-complexity-problem/m-p/5032152#M739754 John Kelly_3 2007-03-06T11:58:03Z https://community.hpe.com/t5/operating-system-hp-ux/password-complexity-problem/m-p/5032153#M739755 In that case what I would do is modify /tcb/files/auth/system/default and set<BR />u_maxlen#8 <BR />so that when combined with your MIN_PASSWORD_LENGTH=8 in /etc/default/security<BR />will make your password be exactly 8 character long and the user messages should then be more meaningful.<BR />The setting in the system_default does assume that you have not explicitly set the u_maxlen value in a given user's file because the individual's setting then takes precedence over the default value.<BR /> Tue, 06 Mar 2007 12:23:21 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-complexity-problem/m-p/5032153#M739755 A. Clay Stephenson 2007-03-06T12:23:21Z https://community.hpe.com/t5/operating-system-hp-ux/password-complexity-problem/m-p/5032154#M739756 Question answered above. Thanks. Wed, 07 Mar 2007 10:00:44 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-complexity-problem/m-p/5032154#M739756 John Kelly_3 2007-03-07T10:00:44Z