
Restrict Policies in /etc/default/security

raiden
Regular Advisor

Restrict Policies in /etc/default/security

In one of our systems we have set some password policies in /etc/default/security. But now I don't want to restrict these policies to some of the accounts. Is there any method to not force these policies on some of the accounts? Is it possible through "modprpw"?
13 REPLIES
Robert-Jan Goossens
Honored Contributor

Re: Restrict Policies in /etc/default/security

Hi,

It depends on which policies you are using in the /etc/default/security file and whether your system is set up as a trusted system.

Have a look at the security manual; it describes for each policy if the system-wide default can be overwritten.

http://docs.hp.com/en/B3921-60631/security.4.html

Regards,
Robert-Jan
Ganesan R
Honored Contributor

Re: Restrict Policies in /etc/default/security

Hi Raiden,

Security settings defined in /etc/default/security will be applicable to all the users. If you want to modify user-level settings, then you need to convert the system into trusted mode.

modprpw will work with the protected database that is on trusted systems.

Best wishes,

Ganesh.
raiden
Regular Advisor

Re: Restrict Policies in /etc/default/security

Ganesan, my system is trusted, so how can I use modprpw to bypass the policies below, defined in the security file?

PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_MIN_SPECIAL_CHARS=1

I want to use a simple password like abc123 but these policies don't allow me to.
Ganesan R
Honored Contributor

Re: Restrict Policies in /etc/default/security

Hi,

The simple way is to go to SAM -> Accounts for Users and groups -> select the desired user -> Actions -> Modify user's security policies -> Password format policies -> here disable the restriction rules.

You can also do the same thing using the modprpw command. You need to use "rstrpw=value". Value can be YES/NO/DFT with the modprpw command.

Best wishes,

Ganesh.
Robert-Jan Goossens
Honored Contributor

Re: Restrict Policies in /etc/default/security

Raiden,

Configuring Per-User Attributes

http://docs.hp.com/en/5992-3387/ch02s05.html

userdbset

Changes the attribute for the specified user to override the systemwide default defined in the /etc/default/security file. For an example, see Section , and see userdbset(1M) for more information.

Regards,
Robert-Jan
Mark McDonald_2
Trusted Contributor

Re: Restrict Policies in /etc/default/security

>>>I want to use a simple password like abc123 but these policies don't allow me to.

OK so use a then b c then 1 then 2 3

Abc!23 - seems pretty simple to me?
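The four minimums quoted in this thread can be checked mechanically. The script below is an added example, not part of any post here and not an HP-UX tool; its function names are hypothetical, and it assumes "special" means any character that is not a letter or a digit.

```shell
#!/bin/sh
# Added example (not from the thread): list the PASSWORD_MIN_* rules a
# candidate password fails. Function names here are hypothetical.

# Constructed sample policy: the four lines quoted in the thread.
SAMPLE_POLICY='PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_MIN_SPECIAL_CHARS=1'

# policy_value NAME POLICY_TEXT: print the configured minimum, 0 if unset.
# Commented-out lines never match because the name is anchored at line start.
policy_value() {
    v=$(printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$1=\([0-9][0-9]*\).*/\1/p" | tail -1)
    printf '%s\n' "${v:-0}"
}

# count_keep STRING TR_CLASS: number of characters of STRING in TR_CLASS.
count_keep() {
    printf '%s' "$1" | LC_ALL=C tr -cd "$2" | wc -c | tr -d ' '
}

# check_password PASSWORD POLICY_TEXT: print the names of the unmet rules
# (space separated); exit status 0 only when every minimum is met.
check_password() {
    pw=$1; policy=$2; failed=
    upper=$(count_keep "$pw" '[:upper:]')
    lower=$(count_keep "$pw" '[:lower:]')
    digit=$(count_keep "$pw" '[:digit:]')
    # Assumption: "special" means any character that is not a letter or digit.
    special=$(( ${#pw} - upper - lower - digit ))
    for pair in UPPER_CASE:$upper LOWER_CASE:$lower DIGIT:$digit SPECIAL:$special
    do
        name=PASSWORD_MIN_${pair%%:*}_CHARS
        need=$(policy_value "$name" "$policy")
        [ "${pair##*:}" -ge "$need" ] || failed="$failed $name"
    done
    printf '%s\n' "${failed# }"
    [ -z "$failed" ]
}

# Demo on the two passwords mentioned in the thread.
for candidate in 'abc123' 'Abc!23'; do
    missing=$(check_password "$candidate" "$SAMPLE_POLICY") || true
    printf '%s: %s\n' "$candidate" "${missing:-meets all four minimums}"
done
```

To check against the live settings instead of the sample, pass "$(cat /etc/default/security)" as the second argument.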
raiden
Regular Advisor

Re: Restrict Policies in /etc/default/security

Ganesan >>> Both the methods are not working.

@ Robert ...I cannot find the command userdbset in my system.
Robert-Jan Goossens
Honored Contributor

Re: Restrict Policies in /etc/default/security

What OS version are you running?

raiden
Regular Advisor

Re: Restrict Policies in /etc/default/security

This is 11.11.

Is there any other alternate method?
Steven E. Protter
Exalted Contributor

Re: Restrict Policies in /etc/default/security

Shalom,

Trusted system is great; I like to use it, but you should be informed that it is last placed in 11.31.

It has been declared obsolete and will in the future be replaced by other tools. Shadow password might be a better option for compatibility with future versions of HP-UX.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
raiden
Regular Advisor

Re: Restrict Policies in /etc/default/security

Please, someone tell me how I bypass these settings in the security file.

PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_MIN_SPECIAL_CHARS=1

I want to keep a simple password like abc12345 for system admins.
Patrick Wallek
Honored Contributor

Re: Restrict Policies in /etc/default/security

>>I want to keep a simple password like abc12345 for system admins.

Why would you want to do that? If anything, the system admins' passwords should be more complicated. They should lead by example, especially when it comes to passwords.

I don't think there is a way to bypass the rules in /etc/default/security. I think they are completely separate from any trusted system settings and apply to ALL users on the system, no matter what.
Mark McDonald_2
Trusted Contributor

Re: Restrict Policies in /etc/default/security

Can't you simply copy the password hash from a box with a known simple password?