HPE Community
Operating System - HP-UX
1752781 Members
5849 Online
108789 Solutions
New Discussion юеВ

password length

 
SOLVED
Go to solution
Randy_9
Regular Advisor

тАО09-21-2006 07:48 AM

тАО09-21-2006 07:48 AM

password length

My system 11.23 ( non-trusted )has the following line in /etc/default/security ( permission = 644 ):
MIN_PASSWORD_LENGTH=8

Yet when I change a password for a local
account and give it only 7 characters, it accepts it?

Why isn't it enforcing it?
0 Kudos
Reply
5 REPLIES 5
Randy_9
Regular Advisor

тАО09-21-2006 07:50 AM

тАО09-21-2006 07:50 AM

Re: password length

Just an FYI, it is a "root equivalent" account UID = 0.
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

тАО09-21-2006 07:56 AM

тАО09-21-2006 07:56 AM

Solution

Re: password length

Answered your own question... the restriction doesn't apply to root. See security(4) man page.

MIN_PASSWORD_LENGTH
This parameter controls the minimum length of new passwords. It is not applicable to the root user on an untrusted system.
--
Jeff Traigle
Reply
Randy_9
Regular Advisor

тАО09-21-2006 08:14 AM

тАО09-21-2006 08:14 AM

Re: password length

Duh!, okay I tried it for another local user
( UID = 66770 ) and gave it a 6 character password and it also accepted it?
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

тАО10-03-2006 05:38 AM

тАО10-03-2006 05:38 AM

Re: password length

Missed the update... It doesn't matter what account you try to set the password for as root, the restriction will not be applied. Were you changing that password as root also? Or did you mean that logged in as that user, you were able to have a shorter password?
--
Jeff Traigle
0 Kudos
Reply
Pete Randall
Outstanding Contributor

тАО10-03-2006 05:57 AM

тАО10-03-2006 05:57 AM

Re: password length

The min length will be enforced for users other than root, so, if you're logged in as root and changing the password, it will accept whatever length password you give it. If you are logged in as a regular user the minimum should be enforced.


Pete

Pete
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.