cancel
Showing results for 
Search instead for 
Did you mean: 

Enhanced security...

SR Rao
Advisor

Enhanced security...

As per the edauth output the u_minlen is 0. But when I try to create a user with null password, it doesnt allow me.
Referring prpasswd man pages, it said " u_minlen ==> The number in this field specifies the minimum length of the user account password. If the field is zero, a dynamic value is calculated as defined in the Green Book."
Can some one guide me to the Green Book.
4 REPLIES
Ann Majeske
Honored Contributor

Re: Enhanced security...

The "Green Book" is the (old) U.S. Government document describing the C2 level security requirements. It was published with a green cover. You might be able to find this on a U.S. Government site somewhere.

To allow null passwords, set the u_nullpw field.

Ann
SR Rao
Advisor

Re: Enhanced security...

Thanks for the information. Meanwhile I have struck with one more issue.
The u_maxlen is set to 10 and u_minlen is set to 0. Now I understand that we cannot have a null password because of u_nullpw. But what is stopping me from setting the password to 1 or 2 letter length. Upon trying to change the password it prompts me to keep the password length from 9 to 80 characters!
Ann Majeske
Honored Contributor

Re: Enhanced security...

There are different length fields for generated and user chosen passwords. Check out the definitions for u_minchosen and u_maxchosen.

Ann
Mark Poeschl_2
Honored Contributor

Re: Enhanced security...

Since your u_minlen is still set to zero you are using the minimum length specified in the "Green Book" - whatever that is - it's almost certainly greater than 2. If you really want 1 or 2 character passwords you should set u_minlen to 1.