Security
cancel
Showing results for 
Search instead for 
Did you mean: 

Strong passwords and Enhanced Security

SOLVED
Go to solution
Joanne Durante
Occasional Visitor

Strong passwords and Enhanced Security

Hello:

I have recently installed enhanced security on an Alpha Server. Is there an easy way to set a password policy that will check user supplied passwords for at least one number and one special character? I was looking at /tcp/bin/pwpolicy and was unsure how to proceed.

Thanks in advance,
Joanne
7 REPLIES
Michael Schulte zur Sur
Honored Contributor

Re: Strong passwords and Enhanced Security

Hi,

this thread should give you the idea:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=379607

greetings,

Michael
Ann Majeske
Honored Contributor
Solution

Re: Strong passwords and Enhanced Security

You can try enabling triviality checks (u_restrict) and see if that is good enough.

If not, there's a sample pwpolicy program at: http://users.rcn.com/spiderb/sec/site-pwpolicy.c.txt that might help.
Ravi_8
Honored Contributor

Re: Strong passwords and Enhanced Security

Hi,

you can use
secsetup or secconfig, both are GUI based, you choose the level of security
never give up
Joanne Durante
Occasional Visitor

Re: Strong passwords and Enhanced Security

Thanks for all your help. I found the link to the Security documentation last week in your forum, and it has been most helpful! The sample program link looks great. I will just have to play around with it to get it to do what I need.
Michael Schulte zur Sur
Honored Contributor

Re: Strong passwords and Enhanced Security

Hi Ann,

glad to have helped. Come again, if you need more help.

greetings,

Michael

ps. points are gratefully accepted ;-)
http://forums1.itrc.hp.com/service/forums/helptips.do?#28
Joanne Durante
Occasional Visitor

Re: Strong passwords and Enhanced Security

Hello again:

Does anyone have a pwpolicy program that they have already implemented that requires at least one number and one symbol for a user supplied password? I had a programmer look at the sample site-pwpolicy program, and she said that that program only checked that certain characters were part of the password. She was unsure how to require a password to have 2 types of characters. Has anyone used Epasswd or npasswd on Tru64 UNIX? Any and all help is greatly appreciated.

Re: Strong passwords and Enhanced Security

I'm surprised that the programmer you say you asked couldn't figure this out, but....

In function allow_passcode_p(), in the #else branch, replace this line:

if (strcspn(passcode, "#@$\033") != strlen(passcode))

with something like this:

if (strcspn(passcode, "0123456789") != strlen(passcode) &&
strcspn(passcode, "!\"#$%'&()*`~-_=+;:[]{}\\|,.<>/?") != strlen(passcode))

I'd really make that 'symbols' string be a static constant string defined earlier in the function, but that's the general idea.