
User password Security

SOLVED
Leah Chow
Frequent Advisor


I have a new HP Integrity RX6600 server, and I need to create users to use some applications. I modified the /etc/default/security file to define some password policy:


# Password history depth
PASSWORD_HISTORY_DEPTH=5

# Optional restrictions for new passwords
# PASSWORD_MIN_UPPER_CASE_CHARS=0
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
# PASSWORD_MIN_SPECIAL_CHARS=2

# Standard and Shadow modes only: number
# of days that passwords are valid
# PASSWORD_MAXDAYS=175
PASSWORD_MINDAYS=90


When I use smh or sam to create a user account, I click on 'Modify users security policies', then 'password aging policies'; it has a default (enabled) function, something like this:

time between password changes (days): 0
password expiration time (days): 182
Password Expiration warning time (days): 7
password Life time (days): 196

I gave each user a temporary password, so I need to click on

password age status:

expire password immediately

to expire the password as soon as the user logs on.

My question is: which policy will the system follow? The security file or sam?

Thanks for your help
Leah
3 REPLIES
Ganesan R
Honored Contributor
Solution

Re: User password Security

Hi,

If you have converted the system to trusted mode then the global security policies you define on SAM will be applicable to all the users. You can also define user level security policies in trusted configuration by selecting individual users.

/etc/default/security policies will be applicable to non-trusted systems.
Best wishes,

Ganesh.
Leah Chow
Frequent Advisor

Re: User password Security

It is a trusted mode server, so it means I don't even need to modify the security file at all, right?

thanks
Leah
Ganesan R
Honored Contributor

Re: User password Security

>>>It is a trusted mode server, so it means I don't even need to modify the security file at all, right?<<<

Not really... There are many parameters you can set in the security file which cannot be set on trusted configurations, like password history depth, number of logins allowed per user, how to behave when the user home dir is missing, password min upper/lower/special characters, ignoring the /etc/nologin file, etc.

The security file will be referred to even after the system is converted to trusted. It provides extended security features.

Have a look at the security manual, it describes for each option if it applies for trusted systems.

http://docs.hp.com/en/B3921-60631/security.4.html

Best wishes,

Ganesh.
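
The split discussed in this thread can be checked with a small script. This is an added example, not part of the original posts or of any HP tool: it lists the active settings in a security file and marks the aging parameters that the poster's own file comments label "Standard and Shadow modes only" as not applied on a trusted system. The function names, the status labels and the use of the /tcb/files/auth directory to detect trusted mode are assumptions of this example.

```shell
#!/bin/sh
# Added example (not HP's code): show which active /etc/default/security
# settings take effect for a given system mode, using only what the thread says.

# Aging parameters marked "Standard and Shadow modes only" in the posted file.
AGING_ONLY="PASSWORD_MAXDAYS PASSWORD_MINDAYS"

# detect_mode [DIR] -> "trusted" or "standard".
# Assumption: the protected password database directory exists only on a
# system that has been converted to trusted mode.
detect_mode() {
    if [ -d "${1:-/tcb/files/auth}" ]; then echo trusted; else echo standard; fi
}

# audit_security FILE MODE -> one line per active (uncommented) setting:
#   NAME=VALUE<TAB>applies|not-applied
audit_security() {
    file=$1 mode=$2
    # Drop comments, trailing blanks and empty lines; keep NAME=VALUE pairs.
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^[[:space:]]*$/d' "$file" |
    while IFS='=' read -r name value; do
        name=$(printf '%s' "$name" | tr -d '[:space:]')
        [ -n "$name" ] || continue
        status=applies
        if [ "$mode" = trusted ]; then
            # On a trusted system aging comes from the policies set in SAM,
            # so the file's aging values are reported as not applied.
            case " $AGING_ONLY " in
                *" $name "*) status=not-applied ;;
            esac
        fi
        printf '%s=%s\t%s\n' "$name" "$value" "$status"
    done
}
```

On the server itself it would be called as `audit_security /etc/default/security "$(detect_mode)"`; for parameters not named in this thread, security(4) states per option whether it applies to trusted systems.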