HPE Community
Operating System - HP-UX
1752717 Members
5916 Online
108789 Solutions
New Discussion юеВ

finding maximum characters for password

 
Jimmy Kong_1
Frequent Advisor

тАО08-25-2005 01:43 PM

тАО08-25-2005 01:43 PM

finding maximum characters for password

I'm working on HP-UX 10.20.
How do I find out the maximum number of characters for a user generated password?
0 Kudos
Reply
5 REPLIES 5
A. Clay Stephenson
Acclaimed Contributor

тАО08-25-2005 02:09 PM

тАО08-25-2005 02:09 PM

Re: finding maximum characters for password

If this is a trusted system then look in /tcb/files/auth/[a-z]/username. If the field u_maxlen is defined then that is the limit. If not defined then the limit defined in /tcb/files/auth/system/default is the value (u_maxlen). If this is a non-trusted system or uses NIS then 8 significant characters is the limit although more than 8 can be entered.
If it ain't broke, I can fix that.
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО08-25-2005 02:10 PM

тАО08-25-2005 02:10 PM

Re: finding maximum characters for password

Unless your system is Trusted (look for a directory: /tcb which means it is Trusted), the maximum is 8 characters. BUT it is NOT enforced so you may enter 50 characters to create the password and all characters beyond 8 are silently ignored. You may enter more than 8 characters when logging in but every character after 8 is meaningless. Fot Trusted systems, use SAM to look at the security policies.


Bill Hassell, sysadmin
0 Kudos
Reply
Adisuria Wangsadinata_1
Honored Contributor

тАО08-25-2005 02:42 PM

тАО08-25-2005 02:42 PM

Re: finding maximum characters for password

Hi,

You can check also the information about password on the manual page of the passwd command :

# man passwd

Hope this information can help you.

Cheers,
AW
now working, next not working ... that's unix
0 Kudos
Reply
Jimmy Kong_1
Frequent Advisor

тАО08-25-2005 03:49 PM

тАО08-25-2005 03:49 PM

Re: finding maximum characters for password

It is a trusted system, the limit appears to be defined in
/tcb/files/auth/system/default (u_maxlen=12). Is this for system generated password?
However, it seems NOT enforced as I can reset the password to more than 50 characters.
From what you said, "characters beyond 8 are silently ignored".
I tested that with more than 15 characters and it didn't accept the password
even though the first 8 characters are correct.
Under SAM, the security policies stated maximum password length is set to 12
but I understand this operates under system generated password
(not user generated which I'm looking into).
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО08-26-2005 01:02 AM

тАО08-26-2005 01:02 AM

Re: finding maximum characters for password

You wrwote:

"
Aug 26, 2005 03:49:29 GMT N/A: Question Author
It is a trusted system, the limit appears to be defined in
/tcb/files/auth/system/default (u_maxlen=12). Is this for system generated password?"

Correct. Only for system generated passwords.


"However, it seems NOT enforced as I can reset the password to more than 50 characters."

There is a separate file for these settings. It is /etc/default/security and does not exist unless you create it. The settings that will work in this file depend entirely on your security patches. Use the man page for security (man security) to define the available keywords. For user-selected password length there are no controls. A user can enter whatever they want to use. There is a minimum password length however:

MIN_PASSWORD_LENGTH=6

You can also enforce a history (don't re-use old passwords) as well as controlling the UPPERCASE, lowercase, digts and special characters required in a user-generated password.

"From what you said, "characters beyond 8 are silently ignored".
I tested that with more than 15 characters and it didn't accept the password
even though the first 8 characters are correct."

This only applies to non-Trusted systems. Normally, no one will notice this feature until users with long passwords are converted to a Trusted system. The old password remains at 8 characters max b ut under a Trusted system, all characters entered are now significant. Therefore, the user must enter only 8 max to logon to the newly Trusted system.

"Under SAM, the security policies stated maximum password length is set to 12
but I understand this operates under system generated password
(not user generated which I'm looking into)."

Correct.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.