Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
Showing results for 
Search instead for 
Did you mean: 

Restrict new password format options presented to a user?

Go to solution
Occasional Advisor

Restrict new password format options presented to a user?

Hi there

we're running an HP9000 container running 11.11 on an Integrity server running 11.31; the apps run on the 11.11 container and the user log directly into it.

What I want to know is, when a user's password needs resetting they get presented with the dialog offering them the choice of a pronouncable system-generated password, an unpronouncable one, or the option to create their own.

We want to alter this behaivour so that the only option is for them to create their own without the initial "select which option" dialog. All that "man passwd" mentions is:

"  When passwd is invoked on a trusted system, the existing password is     
      requested (if one is present).  This initiates the password              
      solicitation dialog which depends upon the type of password generation   
      (format policy) that has been enabled on the account doing the passwd    
      command.  There are four possible options for password generation: "


but I can't see where to alter the "password solicitation dialog". Anyone able to help please?


Many thanks





P.S. This thread has been moevd from HP-UX > System Administration to Security. - Hp forum moderator 

Honored Contributor

Re: Restrict new password format options presented to a user?

Looks like your container is using the HP-UX Trusted System Mode.


In a real 11.11, this change could be made with the modprpw command for a specific user:

modprpw -m usrpick=YES,syspnpw=NO,syschpw=NO,sysltpw=NO username

(the possible settings for each option are YES, NO, or DFT = use a system-wide default)


Or if you want to change the system-wide (or maybe container-wide in your case) default settings:

/usr/lbin/modprdef -m usrpick=YES,syspnpw=NO,syschpw=NO,sysltpw=NO


Occasional Advisor

Re: Restrict new password format options presented to a user?


Yes, that's it, thanks, the modprpw commands did the trick.

We're running trusted on the containers but the host machine is not, so 'modprdef' isn't working., but we'll fix that at next restart time.