cancel
Showing results for 
Search instead for 
Did you mean: 

Enable Password Policy

Mohammad Sanaullah
Frequent Advisor

Enable Password Policy

Dear All
I need to enforce customers password policy which states that
1. All password except root to expired every 30 days
2. Root password to expire on 90 days
3. last five password can not be used
4. Account is locked after 5 Un-successfull login
5. password complexity as minimum 6 character

My system is not in trusted mode.

I know that auto user lock after failed attempt can not be implemented without the trusted mode. What about other points???
Alive
2 REPLIES
F Verschuren
Esteemed Contributor

Re: Enable Password Policy

most options can only be set in trusted mode.
there are 2 options that can be set in the security file:
cat /etc/default/security
PASSWORD_HISTORY_DEPTH=5
MIN_PASSWORD_LENGTH=6


in the manual page af passwd there are some options that can help:

-n min Determine the minimum number of days, min, that must
transpire before the user can change the password.

-w warn Specify the number of days, warn, prior to the password
expiring when the user will be notified that the
password needs to be changed. This option is only
enabled when the system has been converted to a
trusted, secure system. Refer to the Managing Systems
and Workgroups manual for how to convert your HP-UX to
a trusted, secure system.

-x max Determine the maximum number of days, max, a password
can remain unchanged. The user must enter another
password after that number of days has transpired,
known as the password expiration time.

If you do not go to the trusted mode not all options are configeble.

to go to the trusted mode SAM is the easy way...
Ivan Krastev
Honored Contributor

Re: Enable Password Policy

For non-trusted systems use /etc/default/security - http://docs.hp.com/en/B9106-90011/security.4.html

regards,
ivan