
About password policy setting in untrusted system

 
ikbea
Frequent Advisor

About password policy setting in untrusted system

Hi all,

In an HPUX 10.20 untrusted system, how do I set the following for user accounts?

1. Password Expiry Grace period (I can find the password expiry interval only in 'password aging')

2. Keep password history for times

3. Disable user after times unsuccessful login

4. Kill session for idle mins/secs

Thanks
Sunil Sharma_1
Honored Contributor

Re: About password policy setting in untrusted system

I don't think you can do much on this, especially on HPUX 10.20. In 11i you can set some policies in the /etc/default/security file.

The only way is to convert the system to trusted mode.

Sunil
*** Dream as if you'll live forever. Live as if you'll die today ***
ikbea
Frequent Advisor

Re: About password policy setting in untrusted system

Are all the above features available if I convert from 10.20 non-trusted to a 10.20 trusted system?
Hoefnix
Honored Contributor

Re: About password policy setting in untrusted system

Hi,

I think you will have almost all except #4.
But be aware of all other issues when converting to trusted. All passwords will be expired and truncated to 8 characters, for example.

HTH,
Peter
Darren Prior
Honored Contributor

Re: About password policy setting in untrusted system

Hi,

I have to point out that 10.20 is an obsolete OS. That said, if you want to convert it to a trusted system, it's vital that you ensure it's well patched. There are a number of essential trusted patches; if they are missing it would be dangerous to convert the system. Have a search through the forums if you need to know the patches - I've posted them in a couple of threads previously.

I don't think a 10.20 trusted system will give you password history as I believe it's determined in /etc/default/security.

Option 4 is not part of a trusted setup.

regards,

Darren.
Calm down. It's only ones and zeros...
Floyd Curtis
Frequent Advisor

Re: About password policy setting in untrusted system

Regarding number 4
4. Kill session for idle mins/secs

Do a search for info on the shell variable TMOUT (upper case). There are ways of setting it globally or user-specific if you place it in their .profile

good luck
fwc
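An added example (not part of the thread and not any poster's code) of auditing profile files for the TMOUT setting mentioned above. It assumes a POSIX/Korn-style shell, that the global profile (such as /etc/profile) is read before the user's .profile, and that a `readonly TMOUT` in the global file blocks later overrides; the function names are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example: report whether a profile sets an idle timeout and whether
# a user's .profile can override it.

# tmout_status: reads profile text on stdin and prints one of
#   unset | disabled | unlocked:<secs> | enforced:<secs>
tmout_status() {
    text=$(sed 's/#.*//')                      # strip comments
    # The last numeric assignment in the file is the one that takes effect.
    secs=$(printf '%s\n' "$text" |
           sed -n 's/.*TMOUT=\([0-9][0-9]*\).*/\1/p' | tail -1)
    [ -n "$secs" ] || { echo "unset"; return 0; }
    [ "$secs" -gt 0 ] || { echo "disabled"; return 0; }   # TMOUT=0: no timeout
    # Only the plain "readonly TMOUT" form is recognised here.
    if printf '%s\n' "$text" |
       grep -Eq '(^|[;[:space:]])readonly[[:space:]]+TMOUT'; then
        echo "enforced:$secs"
    else
        echo "unlocked:$secs"
    fi
}

# effective_tmout GLOBAL_FILE USER_FILE: result after both files are sourced.
effective_tmout() {
    global=$(tmout_status < "$1")
    user=$(tmout_status < "$2")
    # A readonly global value cannot be reassigned by the user's .profile.
    case $global in enforced:*) echo "$global"; return 0 ;; esac
    [ "$user" = "unset" ] && user=$global
    echo "$user"
}

# Constructed sample: a global profile that sets TMOUT but does not lock it.
printf 'TMOUT=900\nexport TMOUT\n' | tmout_status      # unlocked:900
```

An "unlocked" result on the global file means any user can set TMOUT=0 in their own .profile and defeat the idle timeout.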
ikbea
Frequent Advisor

Re: About password policy setting in untrusted system

Thanks for all the responses. I will consider whether to change to a trusted system or not.
ikbea
Frequent Advisor

Re: About password policy setting in untrusted system

Another related question,
Does 10.20 support keeping password history (e.g. keep records of the last 3 passwords)? According to threadid=60172, do I need to apply patch PHCO-13913?

Thanks again!
Isralyn Manalac_1
Regular Advisor

Re: About password policy setting in untrusted system

No password history on 10.20.
ikbea
Frequent Advisor

Re: About password policy setting in untrusted system

Which version has the password history feature? 10.x, 11.0 or 11i?
Darren Prior
Honored Contributor

Re: About password policy setting in untrusted system

Hi,

The patch you mentioned is probably the first time /etc/default/security was mentioned for 10.20; however, it does not cover password history. This feature is available at 11.00 and 11i and above. For 11.00 you will need to have a recent libpam patch.

regards,

Darren.
Calm down. It's only ones and zeros...
Colin Topliss
Esteemed Contributor

Re: About password policy setting in untrusted system

BEFORE converting to trusted (C2), please bear in mind that it will possibly break any client/server applications that use authentication. The method for querying the password file changes under C2, and most applications don't cater for this. Also, back under 10.20, there was a problem if your root password was not C2 compliant when the system was converted. When trying to log into root after conversion, it would complain that the password was invalid. Trying to change the password would also fail.

HP did recently release the shadow password capability as a separate entity, but this doesn't work with LDAP or NIS, and I don't remember if there was a version for HP-UX 10.20.