HPE Community
Operating System - HP-UX
1753814 Members
7801 Online
108805 Solutions
New Discussion юеВ

Re: System wide password Format on Trusted System 11.11?

 
SOLVED
Go to solution
rmueller58
Valued Contributor

тАО09-29-2009 06:01 AM

тАО09-29-2009 06:01 AM

System wide password Format on Trusted System 11.11?

We are looking at ways to improve password policies.

I see parameters in:
/tcb/files/auth/system/
default:

I want to know is there a way to define parameters, to set password format
and minimum length?

We would like to set a minimum password length and force the use of a alpha/numeric/character mix.


Can someone explain or suggest ways to enforce "minimum length" and "format requirements" (such as alpha/numeric/characters)

I see in SAM you can make the system
GENERATE
- Pronouncable
- Character
- Letters Only
- User Specifies

DO you procedurally use "User Specifies" and ask the User to use a mix ? Or is there a way when the user resets there password to require the specify a minimum format requirement?

And a minimum length?

Replies, links, ideas all appreciated.


0 Kudos
14 REPLIES 14
Mel Burslan
Honored Contributor

тАО09-29-2009 06:05 AM

тАО09-29-2009 06:05 AM

Solution

Re: System wide password Format on Trusted System 11.11?

did you check /etc/default/security file yet ?

here is how mine looks:

[root@nomad:/root]
# ll /etc/default/security
-r--r--r-- 1 bin bin 2538 Oct 31 2007 /etc/default/security
[root@nomad:/root]
# grep -v ^# /etc/default/security | grep -v ^$
ABORT_LOGIN_ON_MISSING_HOMEDIR=1
MIN_PASSWORD_LENGTH=8
PASSWORD_HISTORY_DEPTH=8
PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_MAXDAYS=91
PASSWORD_MINDAYS=1
PASSWORD_WARNDAYS=7
SU_ROOT_GROUP=sysadm

________________________________
UNIX because I majored in cryptology...
0 Kudos
rmueller58
Valued Contributor

тАО09-29-2009 06:07 AM

тАО09-29-2009 06:07 AM

Re: System wide password Format on Trusted System 11.11?

Mel,

this is a trusted 11.11 system.. I do not have
the /etc/default/security file..
0 Kudos
Hakki Aydin Ucar
Honored Contributor

тАО09-29-2009 06:16 AM

тАО09-29-2009 06:16 AM

Re: System wide password Format on Trusted System 11.11?

Did you check the ;

/tcb/files/auth/system/default

BTW ; The file in question is /etc/default/security does not exist by default. But if we create it, we can use a variable called

PASSWORD_HISTORY_DEPTH:3

In this case, a new password is checked against the last three passwords. If the new password is the same as a previous password, the user must choose a different one. Password histories are stored in files under the directory /tcb/files/auth/system/pwhist:
0 Kudos
James R. Ferguson
Acclaimed Contributor

тАО09-29-2009 06:18 AM

тАО09-29-2009 06:18 AM

Re: System wide password Format on Trusted System 11.11?

Hi:

You might want to consider that Trusted Systems are deprecated with 11.31 and will not be supported in successive releases.

As Mel pointed out, the '/etc/default/security' file (and shadow passwords) are part of the basis for future security enhancements in HP-UX. You might want to consider beginning this transition.

For 11.11 the Shadow Password product can be obtained here:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword

Regards!

...JRF...
0 Kudos
rmueller58
Valued Contributor

тАО09-29-2009 06:54 AM

тАО09-29-2009 06:54 AM

Re: System wide password Format on Trusted System 11.11?

So, will the /etc/default/security work on the trusted system?

(per JRF) it would require we install the "Shadow Password Depot"?

Does this Depot overlay the tcb/trusted system or do we need to unconvert the trusts?

0 Kudos
Pete Randall
Outstanding Contributor

тАО09-29-2009 07:04 AM

тАО09-29-2009 07:04 AM

Re: System wide password Format on Trusted System 11.11?

Yes, it will work on trusted systems. If you don't have one, just create it. You can use Mel's as a template.


Pete

Pete
0 Kudos
Pete Randall
Outstanding Contributor

тАО09-29-2009 07:05 AM

тАО09-29-2009 07:05 AM

Re: System wide password Format on Trusted System 11.11?

Oh - and the security man page will guide you on the rest of the parameters.


Pete

Pete
0 Kudos
rmueller58
Valued Contributor

тАО09-29-2009 07:07 AM

тАО09-29-2009 07:07 AM

Re: System wide password Format on Trusted System 11.11?

Thanks Pete..

I will take a look at both.

0 Kudos
rmueller58
Valued Contributor

тАО09-29-2009 07:26 AM

тАО09-29-2009 07:26 AM

Re: System wide password Format on Trusted System 11.11?

Thanks All. As usual.. Many thanks.. Wish I could contribute as much as I get back from you all.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.