HPE Community
Operating System - HP-UX
1753614 Members
6244 Online
108797 Solutions
New Discussion юеВ

Re: using PASSWORD_HISTORY_DEPTH

 
SOLVED
Go to solution
rosa maria_1
Advisor

тАО03-18-2010 11:49 AM

тАО03-18-2010 11:49 AM

using PASSWORD_HISTORY_DEPTH

Hi,

what kind of implications or issues can be generated if PASSWORD_HISTORY_DEPTH is activated ??

thanks in advance
0 Kudos
10 REPLIES 10
Tim Nelson
Honored Contributor

тАО03-18-2010 12:03 PM

тАО03-18-2010 12:03 PM

Solution

Re: using PASSWORD_HISTORY_DEPTH

only that a password cannot be reused for more than once in X number of changes.

e.g.
PASSWORD_HISTORY_DEPTH=10
must change password 10 times before the same password could be reused.

are you thinking of something more ?
0 Kudos
rosa maria_1
Advisor

тАО03-18-2010 12:11 PM

тАО03-18-2010 12:11 PM

Re: using PASSWORD_HISTORY_DEPTH

well, I have seen that pwhist_* files are generated because of this variable in /tcb/files/auth/system/pwhist, is it correct? in this case root filesystem (/) can be full if this files are not configured correctly in my system, right?
so I though other kind of similar issue can the system has...
Am I right??
0 Kudos
rosa maria_1
Advisor

тАО03-18-2010 12:14 PM

тАО03-18-2010 12:14 PM

Re: using PASSWORD_HISTORY_DEPTH

I forgot to say, this variable is commented in the security file, but I do not the why, so I need to know implications before activate this variable in my system ...
0 Kudos
Steven E. Protter
Exalted Contributor

тАО03-18-2010 12:15 PM

тАО03-18-2010 12:15 PM

Re: using PASSWORD_HISTORY_DEPTH

Shalom,

Unless you have a HUGE pile of users, 8 digit passwords are not going to fill up the root file system.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Tim Nelson
Honored Contributor

тАО03-18-2010 12:26 PM

тАО03-18-2010 12:26 PM

Re: using PASSWORD_HISTORY_DEPTH

Good question.

On my DB servers with 5 users and DEPTH=10 and passwd change at 6 times a year I have 32k of histories.

A years worth ~= 6k per user ?

if that math is correct the even with 1000 users with 30day change requirements would only be about 12m, right ?

no worries.

0 Kudos
rosa maria_1
Advisor

тАО03-18-2010 12:46 PM

тАО03-18-2010 12:46 PM

Re: using PASSWORD_HISTORY_DEPTH

Yep, but I do not know if it is the only one problem can I have or can be other like this ...
0 Kudos
rosa maria_1
Advisor

тАО03-18-2010 03:13 PM

тАО03-18-2010 03:13 PM

Re: using PASSWORD_HISTORY_DEPTH

Thanks for your support !!!!
0 Kudos
Bill Hassell
Honored Contributor

тАО03-18-2010 06:06 PM

тАО03-18-2010 06:06 PM

Re: using PASSWORD_HISTORY_DEPTH

> Yep, but I do not know if it is the only one problem can I have or can be other like this ...

The biggest problem will be with your users which will be unhappy about not being able to bounce between a couple of favorite passwords. The space required is trivial. The reason it is commented out is like many options in the default security file (in the past, there was no file at all) is that the system administrator should make a conscious decision about security restrictions.


Bill Hassell, sysadmin
0 Kudos
rosa maria_1
Advisor

тАО03-19-2010 12:20 PM

тАО03-19-2010 12:20 PM

Re: using PASSWORD_HISTORY_DEPTH

you have reason...

Thanks all for you, every answer helps me a lot ...
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.