topic password policy in Operating System - HP-UX

password policy

Marco Hernandez_1 — Fri, 20 Apr 2001 13:37:51 GMT

Hi guys,

We are setting up a new login password policy but It seems that some points can not be followed so thru SAM, so can I force this points to be followed by the user when changing his/her password ?

Any Ideas ?

1.- Your Password must be at least 8 characters and can not repeat any of
your 4 previous passwords
2.- Passwords must contain special characters or punctuation. e.g. [~,!,@,#,$,%,&,*,etc...]
3.- Passwords shall not contain the user id or any part of the full name assigned to the account.
4.- Passwords must contain a combination of upper and lower case alphabetic characters

I have K570, 10.20, Trusted System.

Re: password policy

Barry O Flanagan — Fri, 20 Apr 2001 13:56:45 GMT

In /etc/default/security set the line PASSWORD_HISTORY_DEPTH = 4 to check against the last 4 passwords.

I think all configurable fields appear in /tcb/files/auth/system on a trusted system.

Re: password policy

Patrick Wallek — Fri, 20 Apr 2001 13:56:55 GMT

The only thing I can think of is to write a "wrapper" script for passwd that will check on the things that SAM won't let you check on. The user would input his/her new passwd, the script would check to make sure it does not contain any part of their name, and whatever else you can't get configured through SAM.

If it passes your script check, then it calls passwd to go the rest of the way and actually change the passwd.

Re: password policy

Paula J Frazer-Campbell — Fri, 20 Apr 2001 13:57:21 GMT

Hi Marco

Your planned password policy can be achieved by scripting a front end to the passwd, this will allow to to check that the users proposed password meets your criteria.
I would not enforce option one as it would require a storage of previous passwords for the lookup, but all the others can be checked before your script then fires the password at the passwd command.

Paula

1.- Your Password must be at least 8 characters and can not repeat any of
your 4 previous passwords
2.- Passwords must contain special characters or punctuation. e.g. [~,!,@,#,$,%,&,*,etc...]
3.- Passwords shall not contain the user id or any part of the full name assigned to the account.
4.- Passwords must contain a combination of upper and lower case alphabetic characters

Re: password policy

Jeff Gyurko — Fri, 20 Apr 2001 17:19:04 GMT

Marco,

Be real carefull with special characters.

The "@" clears what you've entered up to that point and lets you start over. When you type your password as stay@h0m your password turns out to be "h0m"

The "#" clears the last character that you typed so stay#h0m is really stah0m.

My .02

Re: password policy

Vincenzo Restuccia — Fri, 20 Apr 2001 17:41:39 GMT

8 char.:
abc!$2001