HPE Community
Operating System - OpenVMS
1752495 Members
5501 Online
108788 Solutions
New Discussion

Re: Trying to get information on SYS$PASSWORD_HISTORY_LIMIT parameter

 
gunners
Frequent Advisor

‎04-19-2013 11:08 AM

‎04-19-2013 11:08 AM

Trying to get information on SYS$PASSWORD_HISTORY_LIMIT parameter

Hi Folks,

Im trying to get information (ie what the param is set to ) on the following param

 

SYS$PASSWORD_HISTORY_LIMIT

 

Dont seem to get too much on the web. I tried showing logicals and its not there , and also had a look in sysgen and nothing either :/

 

Any pointers would be great guys.

 

Thanks

0 Kudos
Reply
3 REPLIES 3
abrsvc
Respected Contributor

‎04-19-2013 12:19 PM - edited ‎04-19-2013 12:25 PM

‎04-19-2013 12:19 PM - edited ‎04-19-2013 12:25 PM

Re: Trying to get information on SYS$PASSWORD_HISTORY_LIMIT parameter

From the guide to system security:


Once a user successfully creates a new password, the system enters the old password on the history list and
updates the file. The password history list can hold a large number of words, but it is limited to 60 by default.
If this number is exceeded, the user has to use generated passwords. A password remains on the password
history list for 365 days (or the default set by SYS$PASSWORD_HISTORY_LIFETIME). Whenever a user
account is deleted, the system removes all password records belonging to that account.


Using the DCL command DEFINE, you can change the defaults for the capacity and lifetime of the password
history list to any of the values indicated in Table 7-4.

 

Table 7.4  Defaults for Password History List

 

=========================================================================

 

System logical name                                      Default              Min              Max               Units

 

SYS$PASSWORD_HISTORY_LIFETIME        365                     1               28000           Days

 

SYS$PASSWORD_HISTORY_LIMIT                  60                    1                   2000          Absolute count

 

=========================================================================


For example, to increase the capacity of the history list from 60 passwords to 100, add the following line to the
command procedure SYLOGICALS.COM, which is located in SYS$MANAGER:


$ DEFINE/SYSTEM/EXEC SYS$PASSWORD_HISTORY_LIMIT 100

 


There is a correspondence between the lifetime of a password history list and the number of passwords
allowed on the list. For example, if you increase the password history lifetime to 4 years and your passwords
expire every 2 weeks, you would need to increase the password history limit to at least 104 (4 years times 26
passwords a year). The password history lifetime and limit can be changed dynamically, but they should be
consistent across all nodes on the cluster.

0 Kudos
Reply
abrsvc
Respected Contributor

‎04-19-2013 12:26 PM

‎04-19-2013 12:26 PM

Re: Trying to get information on SYS$PASSWORD_HISTORY_LIMIT parameter

As a followup, I suspect that the absense of the logical name allows for the default values which would explain why you don't see the logical name. Once you require a different value, the logical name is needed.

Dan
0 Kudos
Reply
B Claremont
Frequent Advisor

‎04-20-2013 06:37 AM

‎04-20-2013 06:37 AM

Re: Trying to get information on SYS$PASSWORD_HISTORY_LIMIT parameter

Should find more information on login parameters in the "OpenVMS System Management Utilities Reference Manual: M – Z" under LGI SYSGEN parameters.

www.MigrationSpecialties.com
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.