cancel
Showing results for 
Search instead for 
Did you mean: 

User password Security

SOLVED
Go to solution
Leah Chow
Frequent Advisor

User password Security

I have a new HP Integrity RX6600 server, I need to create users to use some applications. I modified the /etc/default/security file to define some password policy:


# Password history depth
PASSWORD_HISTORY_DEPTH=5

# Optional restrictions for new passwords
# PASSWORD_MIN_UPPER_CASE_CHARS=0
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
# PASSWORD_MIN_SPECIAL_CHARS=2

# Standard and Shadow modes only: number
# of days that passwords are valid
# PASSWORD_MAXDAYS=175
PASSWORD_MINDAYS=90


When i use smh or sam to create user account, i click on 'Modify users security policies', then 'password aging policies' , it has default (enabled) function, something like this:

time between password changes (days): 0
password expiration time (days): 182
Password Expiration warning time (days): 7
password Life time (days): 196

I gave each user a temperaory password, so i need to click on

password age status:

expire password immediately

to expire password as soon as the user log on.

My question is which policy will system follow? the security file or the sam?

thanks for your help
Leah
3 REPLIES
Ganesan R
Honored Contributor
Solution

Re: User password Security

Hi,

If you have converted the system to trusted mode then the global security policies you define on SAM will be applicable to all the users. You can also define user level security policies in trusted configuration by selecting individual users.

/etc/default/security policies will be applicable to non-trusted systems.
Best wishes,

Ganesh.
Leah Chow
Frequent Advisor

Re: User password Security

It is trusted mode server, so it means i don't even need to modify the security file at all, right?

thanks
Leah
Ganesan R
Honored Contributor

Re: User password Security

>>>It is trusted mode server, so it means i don't even need to modify the security file at all, right?<<<

Not really...There are many parameters you can set in security file which cannot be set on trusted configurations. Like Password history depth,
Number of logins allowed per user, How to behave when user home dir is missing, Password min upper/lower/special characters,
ignorance of /etc/nologin file, etc.

security file will be referred even after the system is converted to trusted. It provides extended security features.

Have a look at the security manual, it describes for each option if it applies for trusted systems.

http://docs.hp.com/en/B3921-60631/security.4.html

Best wishes,

Ganesh.