https://community.hpe.com/t5/operating-system-hp-ux/password-length-without-trusted-system/m-p/2905148#M752226 Hi,<BR /><BR />1. Yes.<BR /><BR />2. From the SR of this patch<BR /><BR />//<BR />(SR: 1653307520 CR: JAGab24842)<BR /> Password minimum length is hard-wired to be 6 characters<BR /> in libpam_unix.1.<BR /><BR /> Resolution:<BR /> libpam_unix.1 now sets the minimum password length to the<BR /> user-defined value of the MIN_PASSWORD_LENGTH=N parameter<BR /> in the /etc/default/security file. For untrusted systems<BR /> "N" can be any value between 6 and 8; for trusted systems<BR /> "N" can be any value between 6 and 80. The default value<BR /> is 6. This parameter has effect only when a password is<BR /> changed. On untrusted systems, this parameter does not<BR /> apply to the root user. As an example, create a file<BR /> called /etc/default/security, if it does not already<BR /> exist, and make it world readable and root write-able.<BR /> Add the following line to the file:<BR /> MIN_PASSWORD_LENGTH=8<BR />//<BR /><BR />This parameter has effect only when a password is changed. So, the users with less than 8 chars passwords should be fine.<BR /><BR />-Sri Fri, 14 Feb 2003 17:19:20 GMT Sridhar Bhaskarla 2003-02-14T17:19:20Z https://community.hpe.com/t5/operating-system-hp-ux/password-length-without-trusted-system/m-p/2905147#M752225 Two Questions: 1. I was told that we can install the patch PHCO_20334 (or better) to be able to have password length requirement without converting to Trusted System. Is this correct? 2. If we can and we set the min_password_length to 8, what will happened to those users with less than 8 chars in length passwords. Thanks!! Fri, 14 Feb 2003 17:02:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length-without-trusted-system/m-p/2905147#M752225 MICHAEL_30 2003-02-14T17:02:25Z https://community.hpe.com/t5/operating-system-hp-ux/password-length-without-trusted-system/m-p/2905148#M752226 Hi,<BR /><BR />1. Yes.<BR /><BR />2. From the SR of this patch<BR /><BR />//<BR />(SR: 1653307520 CR: JAGab24842)<BR /> Password minimum length is hard-wired to be 6 characters<BR /> in libpam_unix.1.<BR /><BR /> Resolution:<BR /> libpam_unix.1 now sets the minimum password length to the<BR /> user-defined value of the MIN_PASSWORD_LENGTH=N parameter<BR /> in the /etc/default/security file. For untrusted systems<BR /> "N" can be any value between 6 and 8; for trusted systems<BR /> "N" can be any value between 6 and 80. The default value<BR /> is 6. This parameter has effect only when a password is<BR /> changed. On untrusted systems, this parameter does not<BR /> apply to the root user. As an example, create a file<BR /> called /etc/default/security, if it does not already<BR /> exist, and make it world readable and root write-able.<BR /> Add the following line to the file:<BR /> MIN_PASSWORD_LENGTH=8<BR />//<BR /><BR />This parameter has effect only when a password is changed. So, the users with less than 8 chars passwords should be fine.<BR /><BR />-Sri Fri, 14 Feb 2003 17:19:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length-without-trusted-system/m-p/2905148#M752226 Sridhar Bhaskarla 2003-02-14T17:19:20Z https://community.hpe.com/t5/operating-system-hp-ux/password-length-without-trusted-system/m-p/2905149#M752227 Sridhar, Thanks a lot!!! Fri, 14 Feb 2003 17:25:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length-without-trusted-system/m-p/2905149#M752227 MICHAEL_30 2003-02-14T17:25:03Z https://community.hpe.com/t5/operating-system-hp-ux/password-length-without-trusted-system/m-p/2905150#M752228 I have not try this but looking at the patch it seems that the minimum password length can be changed in /etc/default/security (after the patch is installed). If your system is untrusted and you've set MIN_PASSWORD_LENGTH (in /etc/default/security) to say 8 and if you got any existing users which has 6 or more chars in their password it should still work ( I think). To play safe what you can do is force all your users to change their password after you've installed the patch. Fri, 14 Feb 2003 17:28:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-length-without-trusted-system/m-p/2905150#M752228 S.K. Chan 2003-02-14T17:28:18Z