How to enable Password Policy using /etc/default/security file

 
Michael R Louw
Occasional Contributor

Dear Gurus,

I am currently busy testing the above-mentioned on a Testing Server. I created the /etc/default/security file with the parameters that I want to implement on our Production server, but when testing it does not work. The only parameter that works is the "ABORT_LOGIN_ON_MISSING_HOMEDIR" parameter. The other parameters are as follows:

ABORT_LOGIN_ON_MISSING_HOMEDIR=1
MIN_PASSWORD_LENGTH=10
PASSWORD_HISTORY_DEPTH=5
PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_MIN_SPECIAL_CHARS=1
PASSWORD_MAXDAYS=45
PASSWORD_MINDAYS=0
PASSWORD_WARNDAYS=7

Is there something else that I should install/activate for this to work?

Thank you in advance.
Michael
3 REPLIES
mvpel
Trusted Contributor

Re: How to enable Password Policy using /etc/default/security file

What do you mean by "does not work?" What kind of testing are you doing and what are the results of specific tests? Are you on a trusted-mode system, or do you have any security packages installed, such as shadow passwords or standard mode security extensions?

It won't block existing passwords that don't meet the criteria listed, for example - the minimums only apply to new passwords. The minimum length is not applicable to root on non-trusted systems, per the man page.

The PASSWORD_MIN stuff is only available if PHCO_24606 or later is installed, per the man page.

If your system is in trusted mode, you also need to check /tcb/files/auth/system/default, and each user's TCB database entry for values that may override these defaults.

The /etc/default/security file must be world-readable, also, per the man page, and this requirement would necessarily include the /etc and /etc/default directories.
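
The checks listed in the reply above, collected into a POSIX shell preflight. This is an added example, not part of any poster's reply: the function names, the optional TOP and ROOT arguments (for checking a staged copy of the tree), reading "the PASSWORD_MIN stuff" as the PASSWORD_MIN_*_CHARS parameters, and treating the presence of /tcb/files/auth/system/default as the sign of trusted mode are all assumptions.

```shell
#!/bin/sh
# Added example: preflight checks for the points raised in the reply above.
# Permission bits are read from `ls -ld`, so results do not depend on who runs it.

# Print the "other" permission triplet of PATH, e.g. "r-x".
world_perm() {
    ls -ld "$1" 2>/dev/null | cut -c8-10
}

# Succeed if FILE is world-readable and every directory from its parent up to
# TOP (default /) is world-searchable; otherwise print the first offending path.
check_world_readable() {
    file=$1 top=${2:-/}
    case $(world_perm "$file") in
        r*) ;;
        *) echo "$file"; return 1 ;;
    esac
    dir=$(dirname "$file")
    while :; do
        case $(world_perm "$dir") in
            ??x|??t) ;;
            *) echo "$dir"; return 1 ;;
        esac
        if [ "$dir" = "$top" ] || [ "$dir" = / ] || [ "$dir" = . ]; then break; fi
        dir=$(dirname "$dir")
    done
}

# Print the PASSWORD_MIN_*_CHARS parameters set in FILE (the ones this example
# ties to PHCO_24606 or later), one name per line; commented lines are ignored.
patch_dependent_params() {
    sed -n 's/^[[:space:]]*\(PASSWORD_MIN_[A-Z_]*_CHARS\)[[:space:]]*=.*/\1/p' "$1"
}

# Succeed if the trusted-mode defaults file exists under ROOT (default /).
# Assumption: its presence is taken as the sign of a trusted-mode system.
has_tcb_defaults() {
    [ -f "${1:-}/tcb/files/auth/system/default" ]
}

# Report on the live system only when invoked with "run" as the first argument.
if [ "${1:-}" = run ]; then
    f=/etc/default/security
    bad=$(check_world_readable "$f") || echo "not world-accessible: $bad"
    patch_dependent_params "$f" | sed 's/^/needs PHCO_24606 or later: /'
    if has_tcb_defaults; then
        echo "trusted mode: review /tcb/files/auth/system/default and per-user TCB entries"
    fi
fi
```

Save it under any name and invoke it with `run` as the only argument to check the live /etc/default/security; whether PHCO_24606 or a later patch is actually installed still has to be confirmed separately.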
Pete Randall
Outstanding Contributor

Re: How to enable Password Policy using /etc/default/security file

What version of HP-UX are you running? On 11.11, for example, many of these options are available on trusted systems only:

"password history depth configuration is on a system basis and is supported in trusted system for users in files repository only"


Pete
Michael R Louw
Occasional Contributor

Re: How to enable Password Policy using /etc/default/security file

None