HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
cancel
Showing results for 
Search instead for 
Did you mean: 

Security policies for users

 
HCL Ash
Frequent Advisor

Security policies for users

i need to setup security policies for system..

i have setup things in /etc/default/security file

MIN_PASSWORD_LENGTH=8
NUMBER_OF_LOGINS_ALLOWED=5
PASSWORD_HISTORY_DEPTH=6
PASSWORD_MAXDAYS=90
PASSWORD_MINDAYS=2
AUTH_MAXTRIES=5

This configration not working.

I dont want to go for trusted mode.
4 REPLIES
Pete Randall
Outstanding Contributor

Re: Security policies for users

It is typical for many of security's features to be available on trusted systems only. Like history depth for example:

"The password history depth configuration is on a system basis and is supported in trusted system for users in files repository only."

I'm not sure about max/min days/tries, but that could be the case with them also.

Could you elaborate on "not working"?


Pete

Pete
UXisCool
Advisor

Re: Security policies for users

I believe the default file would set parameters for any new users that you define. For existing users, I would go into sam and under the accounts for users and groups tab, go to the user tab and highlight a user and right click. Then select modify security policies. You will have to do that for each user unfortunately. Let me know if that works for you.
James R. Ferguson
Acclaimed Contributor

Re: Security policies for users

Hi:

Have a look at the 'security(4)' manpages as they relate to the '/etc/default/security' file.

Regards!

...JRF...
Steven E. Protter
Exalted Contributor

Re: Security policies for users

Shalom,

Suggested test parameters.


As a regular user, invoke the passwd command. input a 7 digit password. that tests:
MIN_PASSWORD_LENGTH=8

as a regular user, attempt to log in 6 times. That tests:
NUMBER_OF_LOGINS_ALLOWED=5

Attempt to re-use previous password as a regular user. That tests:
PASSWORD_HISTORY_DEPTH=6

Try and log in an inactive regular user on day 91. That tests.
PASSWORD_MAXDAYS=90

Change a user password. Next day try and change it again:
PASSWORD_MINDAYS=2

Try logging in as a regular user and submit an incorrect password 6 times.
AUTH_MAXTRIES=5


At least if you submit results from the above tests, we can get a handle on what you mean by "Not working."

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com