
using PASSWORD_HISTORY_DEPTH

 
SOLVED
rosa maria_1
Advisor

using PASSWORD_HISTORY_DEPTH

Hi,

What kind of implications or issues can be generated if PASSWORD_HISTORY_DEPTH is activated?

Thanks in advance.
10 REPLIES
Tim Nelson
Honored Contributor
Solution

Re: using PASSWORD_HISTORY_DEPTH

Only that a password cannot be reused more than once in X number of changes.

e.g.
PASSWORD_HISTORY_DEPTH=10
You must change the password 10 times before the same password can be reused.

Are you thinking of something more?
rosa maria_1
Advisor

Re: using PASSWORD_HISTORY_DEPTH

Well, I have seen that pwhist_* files are generated because of this variable in /tcb/files/auth/system/pwhist, is that correct? In this case the root filesystem (/) can fill up if these files are not configured correctly in my system, right?
So I thought the system could have other similar issues...
Am I right?
rosa maria_1
Advisor

Re: using PASSWORD_HISTORY_DEPTH

I forgot to say, this variable is commented out in the security file, but I do not know why, so I need to know the implications before activating this variable in my system ...
Steven E. Protter
Exalted Contributor

Re: using PASSWORD_HISTORY_DEPTH

Shalom,

Unless you have a HUGE pile of users, 8 digit passwords are not going to fill up the root file system.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Tim Nelson
Honored Contributor

Re: using PASSWORD_HISTORY_DEPTH

Good question.

On my DB servers with 5 users and DEPTH=10 and passwd change at 6 times a year I have 32k of histories.

A year's worth ~= 6k per user?

If that math is correct, then even 1000 users with 30-day change requirements would only be about 12m, right?

No worries.

rosa maria_1
Advisor

Re: using PASSWORD_HISTORY_DEPTH

Yep, but I do not know if it is the only problem I can have or if there can be others like this ...
rosa maria_1
Advisor

Re: using PASSWORD_HISTORY_DEPTH

Thanks for your support !!!!
Bill Hassell
Honored Contributor

Re: using PASSWORD_HISTORY_DEPTH

> Yep, but I do not know if it is the only problem I can have or if there can be others like this ...

The biggest problem will be with your users, who will be unhappy about not being able to bounce between a couple of favorite passwords. The space required is trivial. The reason it is commented out, like many options in the default security file (in the past, there was no file at all), is that the system administrator should make a conscious decision about security restrictions.


Bill Hassell, sysadmin
rosa maria_1
Advisor

Re: using PASSWORD_HISTORY_DEPTH

You are right...

Thanks to all of you, every answer helps me a lot ...
rosa maria_1
Advisor

Re: using PASSWORD_HISTORY_DEPTH

Every answer helps me to validate options and to know implications about security servers.
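
An added example, not part of any post in this thread: a POSIX shell check that reports whether PASSWORD_HISTORY_DEPTH is active, commented out, or absent in the security file, and how much disk the history directory uses. The default file path /etc/default/security, the tolerance for spaces around `=`, and the "last uncommented line wins" rule are assumptions; the pwhist path is the one quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): audit PASSWORD_HISTORY_DEPTH and the
# disk used by the password-history files.
# Assumption: the security file is /etc/default/security.
SECURITY_FILE=${SECURITY_FILE:-/etc/default/security}
# Directory named in the thread.
PWHIST_DIR=${PWHIST_DIR:-/tcb/files/auth/system/pwhist}

# Prints "active <N>", "commented <N>" or "absent" for the given file.
# An uncommented assignment takes precedence over a commented one; if several
# uncommented lines exist, the last is reported (assumed precedence).
history_depth_setting() {
    awk '
        function value(line) {
            sub(/^[^=]*=[ \t]*/, "", line)   # drop "NAME ="
            sub(/[ \t#].*$/, "", line)       # drop trailing space or comment
            return line
        }
        /^[ \t]*PASSWORD_HISTORY_DEPTH[ \t]*=/ {
            active = value($0); have_active = 1; next
        }
        /^[ \t]*#[ \t]*PASSWORD_HISTORY_DEPTH[ \t]*=/ {
            commented = value($0); have_commented = 1
        }
        END {
            if (have_active)         print "active " active
            else if (have_commented) print "commented " commented
            else                     print "absent"
        }
    ' "$1"
}

# Prints the size of the history directory in KB, or 0 if it does not exist.
pwhist_usage_kb() {
    if [ -d "$1" ]; then
        du -sk "$1" | awk '{ print $1 }'
    else
        echo 0
    fi
}

# Report only when the security file is present on this host.
if [ -r "$SECURITY_FILE" ]; then
    echo "PASSWORD_HISTORY_DEPTH: $(history_depth_setting "$SECURITY_FILE")"
    echo "history directory usage (KB): $(pwhist_usage_kb "$PWHIST_DIR")"
fi
```

Running it periodically and comparing the KB figure against free space on / gives a measured answer to the disk-usage question raised in the thread.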