HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Security attributes - password complexity - where is this set?

 
SOLVED
Go to solution
EEESEC
Frequent Advisor

Security attributes - password complexity - where is this set?

Hi All,

I have an L2000 HP-UX 11i v2 server that is converted to trusted. When I attempt to change a user password "passwd " and don't use a certain complexity I get "Password must contain at least two alphabetic characters and at least one number or special character." This is good, but where are these setting actually set at?

My /etc/default/security file has only the following entries:

MIN_PASSWORD_LENGTH=15
PASSWORD_HISTORY_DEPTH=15

A run of "userdbget -a" returns nada.

If I look at the security attributes settings via SAM I have default entries in everything except
MIN_PASSWORD_LENGTH
PASSWORD_HISTORY_DEPTH

Settings like PASSWORD_MIN_SPECIAL_CHARS are still at default 0.

Where else are these password complexity rules being set at? Man security only points me to the above....
4 REPLIES
James R. Ferguson
Acclaimed Contributor

Re: Security attributes - password complexity - where is this set?

Hi:

The manpages for 'security(4)' note that for 'PASSWORD_MIN_type_CHARS', the "system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb".

Regards!

...JRF...
EEESEC
Frequent Advisor

Re: Security attributes - password complexity - where is this set?

Ya, I noticed that. Note my above comment on running "userdbget -a" which returns a big load of nothing. If there are per user settings set for this, shouldn't I be getting some output from that command?
EEESEC
Frequent Advisor
Solution

Re: Security attributes - password complexity - where is this set?

Figured this out. The requirement for the password to contain at least two alphabetic characters and at least one number or special character is an inherent minimal default for the HP-UX OS. It won't be listed in the default security files. Didn't know this, but there it is plain as day in the man for passwd.

http://docs.hp.com/en/B2355-60105/passwd.1.html

10 points to me. ;)
EEESEC
Frequent Advisor

Re: Security attributes - password complexity - where is this set?

closed