Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
Showing results for 
Search instead for 
Did you mean: 

Password policies HP-UX 11.11

Go to solution
Lina Garcia
Occasional Contributor

Password policies HP-UX 11.11


I am a system's auditor at this company with hp-ux 11.11, and i dont seem to find the files with the password policies configured, something like the PAM module files. I know so far that everytime the administrator creates a new user he enters trough the SAM GUI, but he does like that one by one.

1- is there a way to configure password policies for all users at the same time?

2- where can i find the SAM or the password policies files of this system?

many thanks everyone 4 your help.
Bill Hassell
Honored Contributor

Re: Password policies HP-UX 11.11

There are three security methods you can use on 11.11, the standard version, Trusted, and shadow password. Standard HP-UX has very few controls for password controls (no retry limit, few format limits and no history) other than expiration limits. Trusted has a wide variety of controls, both global for all users and local for each user. Shadow password is more limited but somewhat better that standard.

If you do not have a /tcb directory, then your system is not Trusted and your choices are quite limited. SAM can convert your system to Trusted at which point you will have a multitude of choices. See also the man page: security. The security must be created. PAM files do not have to be modified to use the security features.

Bill Hassell, sysadmin
Emil Velez
Honored Contributor

Re: Password policies HP-UX 11.11


The good news is that 11.23 has a new security policy for users with the new SMSE security extensions where you can define global policies as well as per user policies.

Until 11.23 with smse

all you have is standard unix, Trused mode, and shadow password. Only Trusted mode allows you very find or global control. This is where SMSE picks up. Trusted is being depreciated as a feature in leu of SMSE.