Operating System - HP-UX
1747988 Members
4948 Online
108756 Solutions
New Discussion юеВ

Re: Restrict Policies in /etc/default/security

 
raiden
Regular Advisor

Restrict Policies in /etc/default/security

In one of our system we have set some password policies in /etc/default/security. But now I dont want to restrict this policies to some of the accounts. Is there any method to not force this policies on some of accounts. Is is possible through "modprpw"?
13 REPLIES 13
Robert-Jan Goossens
Honored Contributor

Re: Restrict Policies in /etc/default/security

Hi,

Depends on which policies you are using in the /etc/default/security file and if your system is setup as a trusted system.

Have a look at the security manual, it describes for each policy if the system-wide default can be overwritten.

http://docs.hp.com/en/B3921-60631/security.4.html

Regards,
Robert-Jan
Ganesan R
Honored Contributor

Re: Restrict Policies in /etc/default/security

Hi Raiden,

Security settings defined on /etc/default/secuirty will be applicable to all the users. If you want to modify user level settings, then you need to convert the system into trusted mode.

modprpw will work with protected database that is on trusted systems
Best wishes,

Ganesh.
raiden
Regular Advisor

Re: Restrict Policies in /etc/default/security

Ganesan .. My system is trusted.. so how can i use modprpw to bypass below policies for defined in security file.

PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_MIN_SPECIAL_CHARS=1

i want to use a simple password like abc123 but these policies doesnt allow me to.
Ganesan R
Honored Contributor

Re: Restrict Policies in /etc/default/security

Hi,

Simple way is goto SAM -> Accounts for Users and groups -> select the desired user -> Actions -> Modify user's security policies -> Password format policies -> here disable the restriction rules.

You can also do the same thing using modprpw command. You need to use "rstrpw=value" . Value can be YES/NO/DFT with modprpw command.

Best wishes,

Ganesh.
Robert-Jan Goossens
Honored Contributor

Re: Restrict Policies in /etc/default/security

Raiden,

Configuring Per-User Attributes

http://docs.hp.com/en/5992-3387/ch02s05.html

userdbset

Changes the attribute for the specified user to override the systemwide default defined in the /etc/default/security file. For an example, see Section , and see userdbset(1M) for more information.

Regards,
Robert-Jan
Mark McDonald_2
Trusted Contributor

Re: Restrict Policies in /etc/default/security

>>>i want to use a simple password like abc123 but these policies doesnt allow me to.

OK so use a then b c then 1 then 2 3

Abc!23 - seems pretty simple to me?
raiden
Regular Advisor

Re: Restrict Policies in /etc/default/security

Ganesan >>> Both the methods are not working.

@ Robert ...I cannot find the command userdbset in my system.
Robert-Jan Goossens
Honored Contributor

Re: Restrict Policies in /etc/default/security

what os version are you running?

raiden
Regular Advisor

Re: Restrict Policies in /etc/default/security

this is 11.11.

Is there any other alternate method.