topic Re: /etc/default/security and Trusted Systems in Operating System - HP-UX

/etc/default/security and Trusted Systems

A. Daniel King_1 — Mon, 26 Jan 2004 13:52:32 GMT

Hi, folks.

Does /etc/default/security have any real meaning on a trusted system? Are there settings which are ignored? Does this file get deleted/created with [de]converting to a trusted system?

Overall, I'd like to hear some about some anecdotal experience with this file including specifics, gotchas, etc.

Thanks!

Re: /etc/default/security and Trusted Systems

Sridhar Bhaskarla — Mon, 26 Jan 2004 14:02:33 GMT

Hi,

Yes. /etc/default/security will provide more options like PASSWORD_HISTORY_DEPTH, password format like PASSWORD_MIN_UPPER_CASE_CHARS, PASSWORD_MIN_LOWER_CASE_CHARS etc., that cannot be set with modprpw commands on a trusted system.

-Sri

Re: /etc/default/security and Trusted Systems

Jeff Schussele — Mon, 26 Jan 2004 14:03:58 GMT

Hi,

Yes - it's where you can define PW composition - i.e. minimum upper/lower case, min digits & special character that must be included in PWs. As well as PW history depth which won't allow PW repeats for so many iterations.
We use it on all of our servers.

HTH,
Jeff

Re: /etc/default/security and Trusted Systems

Robert-Jan Goossens — Mon, 26 Jan 2004 14:05:33 GMT

Hi,

Check this doc,

Europe
http://www4.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000066734723
US
http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000066734723

Document description: How to increase the password restrictions
Document id: KBRC00011604

Regards,
Robert-Jan

Re: /etc/default/security and Trusted Systems

Bill Hassell — Mon, 26 Jan 2004 14:24:55 GMT

/etc/default/security works on Trusted, non-Trusted and Shadow systems (but not on 10.20 or earlier). The man pages have not kept up with the changes since there are various modules that look at the security file. It is not created automatically. Attached is the most complete security file as I can find.

NOTES:

- Not all options apply to 11.0 or even 11.11. It all depends on having the latest security patches, specifically for libpam.

- Not all options apply to Trusted (or non-Trusted or Shadow). The comments in the file will sort them out.

- There is no validity checker for the file. Thus, the only way to validate the setting is to test it. Note also that a # character anywhere on the line cancels the line (so trailing comments turn the entire line into a comment). For /etc/default/security, spelling counts!

Security in 11.0 and higher is defined in several places depending on whether the system is Trusted, Shadowed, or non-Trusted. Check the man pages for: authcap prpwd security getprpw