System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Parameter change effects in file /tcb/files/auth/system/default

 
SOLVED
Go to solution
sabinkarvijay
Frequent Advisor

Parameter change effects in file /tcb/files/auth/system/default

Hi All,

We are hardening our servers,

As per the standard password settings we need to change the below parameters in /tcb/files/auth/system/default file as :

1)u_maxtries#5

2) u_minchg#86400 (1 day)


3) u_exp#7776000 (90 days)

Presently the existing file is as below:

#/tcb/files/auth/system->cat default
default:\
:d_name=default:\
:d_boot_authenticate@:\
:u_pwd=*:\
:u_owner=root:u_auditflag#-1:\
:u_minchg#1728000:u_maxlen#12:u_exp#7776000:u_life#8640000:\
:u_llogin#7776000:u_pw_expire_warning#1728000:u_pswduser=root:u_pickpw:\
:u_genpwd@:u_restrict@:u_nullpw@:u_genchars@:\
:u_genletters@:u_suclog#0:u_unsuclog#0:u_maxtries#10:\
:u_lock:\
:t_logdelay#2:t_maxtries#10:t_login_timeout#0:\
:chkent:

Here i have some queries:

Will these changes effect root account also? If these will effect root account, I would like to know how can i set these changes for only indivisual users present in the servers?


Thanks in Advance,

Regards,
Vijay Sabinkari.
6 REPLIES
Vivek Bhatia
Trusted Contributor
Solution

Re: Parameter change effects in file /tcb/files/auth/system/default

1. Will these changes effect root account also?
Yes

2. If these will effect root account, I would like to know how can i set these changes for only indivisual users present in the servers?

Yes these are the default values but you can change it for a particular user by running
modprpw.

For Example:
Set the Minimum time between password changes to 12 (days), set the
System generates pronounceable password flag to NO, and set the System
generates password having characters only flag to YES.

modprpw -m mintm=12,syspnpw=NO,syschpw=YES someusr

The following example is to restrict the times that user joeblow can
get on the system on Mondays and Fridays to 5PM-9PM, and Sundays from
5AM-9AM. Other days are not restricted.

modprpw -m timeod=Mo1700-2100,Fr1700-2100,Su0500-0900 joeblow

Regards
Vivek
Sunny123_1
Esteemed Contributor

Re: Parameter change effects in file /tcb/files/auth/system/default

Hi

Will these changes effect root account also?

Yes

Follows viveks procedure for your 2nd question

Regards
Sunny
Michal Kapalka (mikap)
Honored Contributor

Re: Parameter change effects in file /tcb/files/auth/system/default

hi,

the default setting is for all users ( acounts ) included root, but you will be able to change the settings with this commad :

modprpw

mikap

Suraj K Sankari
Honored Contributor

Re: Parameter change effects in file /tcb/files/auth/system/default

Hi,
>>Will these changes effect root account also? If these will effect root account, I would like to know how can i set these changes for only indivisual users present in the servers?

Yes, it will effect root account also.
to know the changes
take a backup of this file
cp -p /tcb/files/auth/r/root /tcb/files/auth/r/root.org

change the setting

to check the difference give a diff command into these two files
diff /tcb/files/auth/r/root /tcb/files/auth/r/root.org

Suraj
sabinkarvijay
Frequent Advisor

Re: Parameter change effects in file /tcb/files/auth/system/default

thanks all for Prompt response,

u_minchg--> this parameter is for minimum time between password changes, am i right?


Regards,
Vijay Sabinkari.
Sunny123_1
Esteemed Contributor

Re: Parameter change effects in file /tcb/files/auth/system/default

Hi

Yes you are right.

u_minchg=minimum time between password change


Regards
Sunny