cancel
Showing results for 
Search instead for 
Did you mean: 

password

SOLVED
Go to solution
Saravanan_14
Frequent Advisor

password

how can i set the password, like this

one Capital letter and one numerical character?

ex: 1testpqS
12 REPLIES
Venkatesh BL
Honored Contributor

Re: password

Not sure if the question is clear. Do you want all users to have passwd in this pattern?
Saravanan_14
Frequent Advisor

Re: password

yes venkat
Venkatesh BL
Honored Contributor
Solution

Re: password

I think that the 'default' template should contain the options (passwd rules) that need to be applied for all new users (created using the default template). The 'prpasswd' manpage contains the list of passwd options available.
Saravanan_14
Frequent Advisor

Re: password

could you check it tell me.

Thanks

Saravanan
Ann Majeske
Honored Contributor

Re: password

You need to be running Enhanced Security. You want to set up a site callout program. See the entry for "d_pw_site_callout" in the default man page.

There is an example site callout program available at:
http://users.rcn.com/spiderb/sec/site-pwpolicy.c.txt
Saravanan_14
Frequent Advisor

Re: password

thanks ann & venkat
Saravanan_14
Frequent Advisor

Re: password

Ann, i have migrated base to enhanced seucirty. but i could not set the users password like this type testuser1A. and i could not understand the link which you have attached. please help me.

Thanks,

Saravanan
Hein van den Heuvel
Honored Contributor

Re: password

[text from threadId=874109 ]
> Hi ann & venkat, the prpasswd man pages this details not found and i tried that link also, which ann had give is anyone have idea?

i need to set the password one uppercase character and one numeric character
Example: Security1


Saravanan,

This is going to be a bit of a puzzle.
While your question is simple enough, the implementation details are tricky considering you are dealing the the systems security and integrety. If you are not comfortable putting the puzzle pieces together, then maybe you should consider some (consulting/support) help.

anyway...

the critical starting point is really: man prpasswd

It will point you to: /etc/auth/system/default
That in turn will lead to: /tcb/bin/pwpolicy

Read both files very carefully.

Now revisit the example in: http://users.rcn.com/spiderb/sec/site-pwpolicy.c.txt

Focus on:
"case AUTH_PW_OKPASSWORD:"
which in the example will call:
"allow_passcode_p(const char *passcode)"

This is where the C code needs to be inserted that implements your requirements.
Here is some trivial C code that implements exactly, but only, what you ask for:

#include
#include
#include

int main(int argc, char * argv[])
{
int pw_bad, upper_seen=0, digit_seen=0, lower_seen=0;
char c, *p;


if (argc < 2) {
printf(" usage: %s \n", argv[0]);
return -1;
}

p = argv[1];
while (c=*p++) {
if (isdigit(c)) digit_seen++;
if (islower(c)) lower_seen++;
if (isupper(c)) upper_seen++;
}

pw_bad = (upper_seen && digit_seen && lower_seen ) ? 0 : 1;

printf ("Password is %sacceptable.\n", (pw_bad)? "NOT ": "");
return pw_bad;
}


However, you have to ask yourself whether this is enough?
Don't you want to catch 'easy' passwords also?
So you may also want to call: acceptable_password() (has a man page)
and so on...

Good luck,
Hein.






Saravanan_14
Frequent Advisor

Re: password

thanks for your help but i am getting below error and here i have attached my /etc/auth/system/default also

passwd testusr1
Last successful password change for testusr1: Mon May 9 09:41:04 WET 2005
Last unsuccessful password change for testusr1: Mon May 9 10:51:48 WET 2005

New password:
usage: /roleback/newsite

Illegal password, try again.
New password:
usage: /roleback/newsite

Illegal password, try again.
New password:

my /etc/auth/system/default


default:\
:d_name=default:d_pw_expire_warning#0:d_pw_site_callout=/roleback/newsit
e:d_boot_authenticate@:\
:d_secclass=c2:\
:d_admin_preexpire_psw@:d_skip_ttys_updates:d_auto_migrate_users@:d_max_
vacation_future#0:\
:d_max_vacation_duration#0:d_accept_alternate_vouching@:d_skip_success_l
ogin_log:d_skip_fail_login_log:\
:d_null_psw_prompt#0:\
:u_pwd=*:u_owner=:u_priority#0:u_cmdpriv=boot,ping,printerstat,tape:\
:u_syspriv=execsuid,chmodsugid:\
:u_basepriv=execsuid,chmodsugid:\
:u_audcntl#0:u_auditmask=:u_minchg#0:u_minlen#1:\
:u_maxlen#10:u_exp#0:u_life#0:u_pickpw:\
:u_genpwd@:u_restrict:u_policy:u_nullpw@:\
:u_pwdepth#5:u_genchars@:u_genletters@:u_newcrypt#0:\
:u_maxtries#5:u_lock@:u_unlock#0:u_expdate#0:\
:u_vacation_start#0:u_vacation_end#0:u_max_login_intvl#0:u_grace_limit#0
:\
:u_psw_change_reqd@:u_gen_site:u_minchosen#8:u_maxchosen#80:\
:\
:t_maxtries#10:t_logdelay#2:t_lock@:t_unlock#86400:\
:\
Saravanan_14
Frequent Advisor

Re: password

i have compiled your script, which you have mentioned.
Hein van den Heuvel
Honored Contributor

Re: password

I'm sorry for the confusion, but my script was not at all intending to show a complete solution.
It was just a little bit of C code showing how the string evaluation could look like. To be integrated in a framework like perhaps that web page example.

Hein.


ps... I just tried a simple addition to that example, to call the Tru64 provide acceptable password also.

int acceptable_password( char *word, FILE *stream );
:
if (acceptable_password(p,NULL)) {
while (c=*p++) {
if (isdigit(c)) digit_seen++;
if (islower(c)) lower_seen++;
if (isupper(c)) upper_seen++;
}
}
:
> cc pw_test.c -lsecurity
> ./a.out hein
Password is NOT acceptable.
> ./a.out heinX1
Password is acceptable.
> ./a.out X1x1X
Password is NOT acceptable.
Saravanan_14
Frequent Advisor

Re: password

hein,


can you give me the clear scrip?