cancel
Showing results for 
Search instead for 
Did you mean: 

password strength in tru64

SOLVED
Go to solution
Simon Jespersen
Frequent Advisor

password strength in tru64

hi, We are in a process of security check all our systems, we are using sysmantec enterprise security manager 6.0 to do that.

we getting the message
User without system password strength The passwords for the accounts listed have not been checked by the system's password strength program. All passwords should be checked both by the system's password strength program and by Symantec ESM's Password Strength module. Yellow None a10207 :Lisbeth Ekelund: This user's password is not checked by the system pass-word strength program.


we are running enhanced security on that server, but i can not find any option for password dicionary, and password strenght (meaning not posible to use the same passwd in a given interval)

Im thinking that maybe the esm cannot scan tru64 password strengt and therefore is gives that message.
3 REPLIES
Mark Poeschl_2
Honored Contributor
Solution

Re: password strength in tru64

With enhanced security on in Tru64, the default behaviour is to not allow re-using the same password in 5 successive changes. See the "u_pwdepth" entry in /etc/auth/system/default. See 'man prpasswd' for an explanation of all the entries in this file as well as the shadow password file.

There is a d_pw_site_policy entry in the /etc/auth/system/default file designed to let you add your own password "strength" checking routines. We use it to enforce things like "one letter, one number, one special character rquired" in any password change.
Brian11121
Occasional Visitor

Re: password strength in tru64

Mark (or anyone),

Do you think you might be able to expand on how to use the d_pw_site_policy variable? I cant find this documented anywhere and its something we would like to implement.

thanks!
Ann Majeske
Honored Contributor

Re: password strength in tru64

See:
http://home.comcast.net/~spiderb/sec/site-pwpolicy.c.txt

Note that this example was supplied personally by Spider Boardman, not by HP :)

Ann