topic Re: parameter passwd in Operating System - HP-UX

parameter passwd

Vogra — Tue, 17 Dec 2002 17:39:05 GMT

Hi All!
where can I find the file that maintain parameters about password? I know I have to chose a password that use alfabetical and numerical characters, but I don't know where it was defined...
My system are not trusted, but I know its get rules to make construct passwors like "two alfabetical more one numerial character" etc...
thanxs

Re: parameter passwd

James R. Ferguson — Tue, 17 Dec 2002 17:46:41 GMT

Hi:

See the man pages for 'security(4)'.

Regards!

...JRF...

Re: parameter passwd

Pete Randall — Tue, 17 Dec 2002 17:47:39 GMT

/etc/default/security ?

Pete

Re: parameter passwd

Patrick Wallek — Tue, 17 Dec 2002 17:53:00 GMT

Check out the following manual:

http://docs.hp.com/hpux/onlinedocs/B2355-90696/B2355-90696.html

It is the HP-UX 11i section 4 manual which does contain the entry for 'security'. I could not find the entry online in the 11.0 manuals or on some of my 11.0 systems.

Re: parameter passwd

doug hosking — Thu, 19 Dec 2002 00:04:07 GMT

You might be interested in patches
PHCO_27797 and PHCO_24390 or equivalents.
Quoting from the patch doc file:

A site's security policies sometimes require new passwords
to contain specific numbers or types of characters, such as
at least two digits and at least one special character.
Resolution:
In addition to the standard password requirements,
optional entries in the file /etc/default/security specify
the minimum number of required characters of each type
(upper case characters, lower case characters, digits
and special characters) in a new password.
PASSWORD_MIN_UPPER_CASE_CHARS=N
PASSWORD_MIN_LOWER_CASE_CHARS=N
PASSWORD_MIN_DIGIT_CHARS=N
PASSWORD_MIN_SPECIAL_CHARS=N
The default value for N is 0. These parameters have
effect only when a password is changed. On untrusted
systems, these parameters do not apply to the root user.
The file /etc/default/security should be owned by root and
have 0644 permissions.
As an example, to require passwords at least 8 characters
long, composed of at least 5 upper case characters, 2
lower case characters and a digit, include the following
lines in /etc/default/security, as specified above:
PASSWORD_MIN_UPPER_CASE_CHARS=5
PASSWORD_MIN_LOWER_CASE_CHARS=2
PASSWORD_MIN_DIGIT_CHARS=1

Re: parameter passwd

Bill Hassell — Thu, 19 Dec 2002 04:38:37 GMT

You didn't post the opsystem revision, so in case you are running obsolete 10.20, the comments about /etc/default/security do not apply. In 10.20, the rules are defined in the passwd program and cannot be changed. For 11.0 and higher, you can set the policy via the security file *BUT* you must load the relevant libpam patches to add that capability. Also, the security man page is missing in 11.0 but found in 11i (11.11) and you can read it at docs.hp.com. In a future release, the security file will be populated with comments so all the options will be visible. Unfortunately, is any of the entries are misspelled or have a wrong option, the item is silently ignored.