https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-file-on-an-untrusted-system/m-p/2803030#M754328 Hi Michael,<BR /><BR />Yes you can use those functions on an untrusted system. Please note that according to the patch text:<BR /><BR />"These parameters have effect only when a password is changed. On untrusted systems, these parameters do not apply to the root user. The file /etc/default/security should be owned by root and have 0644 permissions."<BR /><BR />Root can still override the rules when changing a user password.<BR /><BR />If you attempt to change a password to something that doesn't comply with the rules you'll see a message like:<BR /><BR />"The password entered is not valid. Valid password must contains at least:<BR /><BR />2 upper case character(s)<BR />3 lower case character(s)<BR />etc.."<BR /><BR />regards,<BR /><BR />Darren. Tue, 10 Sep 2002 08:46:52 GMT Darren Prior 2002-09-10T08:46:52Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-file-on-an-untrusted-system/m-p/2803029#M754327 Folks<BR /><BR />Can the following parameters be set in the /etc/default/security file on an untrusted system?<BR /><BR />PASSWORD_HISTORY_DEPTH<BR />PASSWORD_MIN_UPPER_CASE_CHARS <BR />PASSWORD_MIN_LOWER_CASE_CHARS <BR />PASSWORD_MIN_DIGIT_CHARS<BR />PASSWORD_MIN_SPECIAL_CHARS<BR /><BR />We don't want to convert to trusted but we have installed the PHCO_26089 patch.<BR /><BR />Any help appreciated.<BR /><BR />Michael Tue, 10 Sep 2002 07:35:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-file-on-an-untrusted-system/m-p/2803029#M754327 Michael Campbell 2002-09-10T07:35:37Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-file-on-an-untrusted-system/m-p/2803030#M754328 Hi Michael,<BR /><BR />Yes you can use those functions on an untrusted system. Please note that according to the patch text:<BR /><BR />"These parameters have effect only when a password is changed. On untrusted systems, these parameters do not apply to the root user. The file /etc/default/security should be owned by root and have 0644 permissions."<BR /><BR />Root can still override the rules when changing a user password.<BR /><BR />If you attempt to change a password to something that doesn't comply with the rules you'll see a message like:<BR /><BR />"The password entered is not valid. Valid password must contains at least:<BR /><BR />2 upper case character(s)<BR />3 lower case character(s)<BR />etc.."<BR /><BR />regards,<BR /><BR />Darren. Tue, 10 Sep 2002 08:46:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-file-on-an-untrusted-system/m-p/2803030#M754328 Darren Prior 2002-09-10T08:46:52Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-file-on-an-untrusted-system/m-p/2803031#M754329 Michael,<BR /><BR />Absolutely! We've been using the SU_ROOT_GROUP feature on untrusted systems for quite some time now.<BR /><BR />Enjoy,<BR />Pete Tue, 10 Sep 2002 09:17:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-file-on-an-untrusted-system/m-p/2803031#M754329 Pete Randall 2002-09-10T09:17:15Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-file-on-an-untrusted-system/m-p/2803032#M754330 All on your list EXCEPT the PASSWORD_HISTORY_DEPTH should work fine when not in trusted mode. That one won't work because the password history info is stored under /tcb, which doesn't exist except in trusted mode. Wed, 11 Sep 2002 09:08:57 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-security-file-on-an-untrusted-system/m-p/2803032#M754330 doug hosking 2002-09-11T09:08:57Z