Operating System - HP-UX
1748154 Members
3645 Online
108758 Solutions
New Discussion

Re: Restrict new password format options presented to a user?

 
SOLVED
Go to solution
malc_p
Occasional Advisor

Restrict new password format options presented to a user?

Hi there

we're running an HP9000 container running 11.11 on an Integrity server running 11.31; the apps run on the 11.11 container and the user log directly into it.

What I want to know is, when a user's password needs resetting they get presented with the dialog offering them the choice of a pronouncable system-generated password, an unpronouncable one, or the option to create their own.

We want to alter this behaivour so that the only option is for them to create their own without the initial "select which option" dialog. All that "man passwd" mentions is:


"  When passwd is invoked on a trusted system, the existing password is     
      requested (if one is present).  This initiates the password              
      solicitation dialog which depends upon the type of password generation   
      (format policy) that has been enabled on the account doing the passwd    
      command.  There are four possible options for password generation: "

 

but I can't see where to alter the "password solicitation dialog". Anyone able to help please?

 

Many thanks

 

 

 

 

P.S. This thread has been moevd from HP-UX > System Administration to Security. - Hp forum moderator 

2 REPLIES 2
Matti_Kurkela
Honored Contributor
Solution

Re: Restrict new password format options presented to a user?

Looks like your container is using the HP-UX Trusted System Mode.

 

In a real 11.11, this change could be made with the modprpw command for a specific user:

modprpw -m usrpick=YES,syspnpw=NO,syschpw=NO,sysltpw=NO username

(the possible settings for each option are YES, NO, or DFT = use a system-wide default)

 

Or if you want to change the system-wide (or maybe container-wide in your case) default settings:

/usr/lbin/modprdef -m usrpick=YES,syspnpw=NO,syschpw=NO,sysltpw=NO

 

MK
malc_p
Occasional Advisor

Re: Restrict new password format options presented to a user?

Hi

Yes, that's it, thanks, the modprpw commands did the trick.

We're running trusted on the containers but the host machine is not, so 'modprdef' isn't working., but we'll fix that at next restart time.

 

Regards