topic Re: conversion to trusted system (10.20) disables some accounts in Operating System - HP-UX

conversion to trusted system (10.20) disables some accounts

B. Chapman — Wed, 24 Oct 2001 16:08:49 GMT

Hello all,

Upon converting to Trusted System, some of our user accounts are automatically disabled. Is this due to:

-Password is NULL - and we've set the policy to NOT allow NULL passwords
-Password is easily guessable - and we've set the policy to "Use Restriction Rules" - which does a simple dictionary pass
-Account hasn't been used in over 30 days - and we've set the policy to "Lock Invactive Accounts" after 30 days of non-use.

So, which one is it? None of the above? All of the above?

Thanks in advance,
Ben Chapman.
bchapman@telcordia.com

Re: conversion to trusted system (10.20) disables some accounts

harry d brown jr — Wed, 24 Oct 2001 16:30:48 GMT

From what I remember, it is all.

live free or die

harry

Re: conversion to trusted system (10.20) disables some accounts

harry d brown jr — Wed, 24 Oct 2001 16:36:53 GMT

Also, all passwords will expire.

Re: conversion to trusted system (10.20) disables some accounts

B. Chapman — Wed, 24 Oct 2001 16:37:39 GMT

So, (I'd like to focus on the last item - the 30-day expiration item), when I convert to trusted system (or when I set the policy in SAM), if someone hasn't logged in for the last 30 days, then the ID will automatically be disabled at the time of conversion/policy-setting?

I've heard that the "30-day-clock" doesn't start until AFTER you convert/policy-set.

Yes? No? Correct? Incorrect info?

Again, thanks in advance,
Ben Chapman

Re: conversion to trusted system (10.20) disables some accounts

harry d brown jr — Wed, 24 Oct 2001 17:41:37 GMT

I just completed a test, and you are correct that an account should not expire until after the conversion.

live free or die

harry

Re: conversion to trusted system (10.20) disables some accounts

Wan Yue Gong — Sun, 04 Jul 2004 20:43:47 GMT

Hi all,

Can I check with you:

- how can I confirm that my HP-UX B.11.00 U 9000/800 has been converted to Trusted System?

My company has such a security policy:
- to force password change upon password reset by administrator
- to change password on the next 90th day upon password update
- to warn password expiry 5 days before the password expires
- not to allow password change initiated by user within 7 days once the password is updated by user
- disable id which is inactive for >90days

password aging policy has been set as such in SAM:
- Time between password changes (days): 7
- Password expiration time (days): 90
- Password expiration warning time (days): 5
- Password life time (days): 90

My questions are:
- is the above being set correctly in SAM according to the policy?
- users are complaining that they don't get password expiry warning message from system, why is this so?
- users also complained that ids are being locked by system after 90 days upon password change, even if the id is active, why is this so?

Appreciate your assistance. Thanks in advance!

wanyue
wanyue.gong@aig.com

Re: conversion to trusted system (10.20) disables some accounts

Michael Tully — Sun, 04 Jul 2004 21:03:03 GMT

please open a new posting.

Re: conversion to trusted system (10.20) disables some accounts

Wan Yue Gong — Sun, 04 Jul 2004 21:09:19 GMT

Hi Mike,

A new message has been posted.

thanks,
wanyue
wanyue.gong@aig.com