10-09-2007 01:49 AM
force passwds characteristics
Auditors came in; they want us to force the users to use more complex passwords than what they are currently using (simple, 1234, etc.).
Is there a way in regular Unix (without trusted or a 3rd-party product) to do this?
Thanks in advance.
10-09-2007 01:53 AM
Re: force passwds characteristics
/etc/default/security
example
MIN_PASSWORD_LENGTH=8
PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_SPECIAL_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
10-09-2007 01:56 AM
Re: force passwds characteristics
If you are being audited, I'm surprised the auditors didn't ding you for not being trusted. ALL applications should work with trusted systems.
If you are HP-UX 11.11 or higher, do a 'man security'. This will give details of settings that can be used with the /etc/default/security file.
Things to look at are: password_history_depth, min_password_length, password_min_uppercase_chars, password_min_lowercase_chars, password_min_digit_chars and password_min_special_chars.
Setting these in /etc/default/security should do what you require. Be sure to read carefully, though, as some options MIGHT require your system to be trusted.
10-09-2007 01:57 AM
Re: force passwds characteristics
see passwd man page for more information
Fat
10-10-2007 02:15 AM
Re: force passwds characteristics
For HP/UX you can change the parameters for security from within SAM
--Auditing and Security
-- System Security Policies
There are four selections you can go into and modify:
Password Format Policies
Password Aging Policies
General User Account Policies
Terminal Security Policies
I believe on a trusted system you have to modify a different file than /etc/default/security.
Each user has a /tcb/files/auth/?/username file that contains rules and history related to login. It is best on a trusted system to modify the default parameters from within SAM.
Most of these are fairly self-explanatory. If your system contains just a basic install and you haven't updated with patches, you may want to do so. Also make sure you check that you have an updated version of SSH. We have 11.11 and had problems with the SSH version installed not handshaking correctly with PAM.
10-10-2007 03:06 AM
Re: force passwds characteristics
It's a good thing your auditors are recommending converting to a Trusted system since you will then meet the security requirements and have a much safer system.
Bill Hassell, sysadmin
10-16-2007 08:30 PM
Re: force passwds characteristics
Thanks in advance
10-17-2007 12:27 AM
Re: force passwds characteristics
Here is a sample with a bunch of comments. NOTE: whether a feature exists or not depends on OS version and patches. Use your system's man page for security as the guide. Note also that the security file is parsed such that a # character appearing anywhere on the line (first, middle, last, etc) causes the line to be ignored. Also, if a setting is misspelled or has an invalid setting, it is silently ignored, so you must test each feature.
# Security file: /etc/default/security -- 11.00 and higher only
# Note: the contents of the security file are only meaningful
# at specific versions of HP-UX and security patches.
# And at 11.23 2005, a product called "Standard Mode Security Extensions"
# was created and adds additional security features to a non-Trusted
# system. So the only accurate documentation as to the working options
# in the security is: man security
# Comments (#) allowed only on separate line,
# no trailing # following a parameter or it
# will invalidate the setting
# Access controls (11.0 and higher)
#################
NOLOGIN=1
NUMBER_OF_LOGINS_ALLOWED=0
ABORT_LOGIN_ON_MISSING_HOMEDIR=0
# Single user mode authorization (11i and non-trusted only)
###########################################################
# Requires root password to get into single user mode
# BOOT_AUTH=1
# Users (besides root) that can boot into single user mode
# BOOT_USERS=bill,jane,joe
# Password controls - Trusted
###################
MIN_PASSWORD_LENGTH=6
PASSWORD_HISTORY_DEPTH=1
PASSWORD_MIN_UPPER_CASE_CHARS=0
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_MIN_SPECIAL_CHARS=0
# Non-Trusted or shadow password setup only:
# defaults: MAXDAYS=-1 MINDAYS=0 WARNDAYS=0
# PASSWORD_MAXDAYS=120
# PASSWORD_MINDAYS=7
# PASSWORD_WARNDAYS=7
# Session controls
##################
SU_ROOT_GROUP=suroot
SU_DEFAULT_PATH=/usr/bin:/usr/contrib/bin:
UMASK=022
# SU_KEEP_ENV_VARS=LD_LIBRARY_PATH,SHLIB_PATH,LD_PRELOAD
Bill Hassell, sysadmin
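Added example (not part of the thread or of HP's tooling): a small POSIX sh/awk lint for the two silent failure modes described in the post above, a "#" anywhere on a setting line and a misspelled parameter name. The list of known names is an assumption built only from the parameters that appear in this thread, and the sample file is constructed; value ranges are not checked, so each setting still has to be tested on the target release.

```sh
#!/bin/sh
# Added example (not from the thread): lint a security file for the two
# silent failure modes described above. KNOWN holds only the parameter
# names that appear in this thread; it is an assumption, not the full
# list. `man security` on the target release is the authority.
KNOWN="NOLOGIN NUMBER_OF_LOGINS_ALLOWED ABORT_LOGIN_ON_MISSING_HOMEDIR"
KNOWN="$KNOWN BOOT_AUTH BOOT_USERS MIN_PASSWORD_LENGTH PASSWORD_HISTORY_DEPTH"
KNOWN="$KNOWN PASSWORD_MIN_UPPER_CASE_CHARS PASSWORD_MIN_LOWER_CASE_CHARS"
KNOWN="$KNOWN PASSWORD_MIN_DIGIT_CHARS PASSWORD_MIN_SPECIAL_CHARS"
KNOWN="$KNOWN PASSWORD_MAXDAYS PASSWORD_MINDAYS PASSWORD_WARNDAYS"
KNOWN="$KNOWN SU_ROOT_GROUP SU_DEFAULT_PATH UMASK SU_KEEP_ENV_VARS"

# lint_security FILE: print one finding per line as LINENO:CODE:DETAIL
lint_security() {
    awk -v known="$KNOWN" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    /^[ \t]*$/  { next }                 # blank line
    /^[ \t]*#/  { next }                 # whole-line comment
    /#/ {                                # setting that also contains a "#"
        print NR ":HASH_IGNORED:" $0; next
    }
    {
        name = $0
        sub(/=.*/, "", name)             # text before the first "="
        if (!(name in ok)) print NR ":UNKNOWN_NAME:" name
    }' "$1"
}

# Constructed sample input, not a real system file.
make_sample() {
    cat <<'EOF'
# Password controls
MIN_PASSWORD_LENGTH=8
PASSWORD_MIN_DIGIT_CHARS=1   # at least one digit
PASSWORD_MIN_UPPERCASE_CHARS=1
UMASK=022
EOF
}

sample=${TMPDIR:-/tmp}/security.sample.$$
make_sample > "$sample"
lint_security "$sample"
rm -f "$sample"
```

Run lint_security against a copy of /etc/default/security before deploying it; any line it reports is one the system would skip without warning, leaving the weaker default in force.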