
Bastille - password aging issue.

 
SOLVED
Gino Castoldi_2
Honored Contributor

Bastille - password aging issue.

Hi,

HP-UX 11.0 Bastille B.02.00
(ITO 5.39)

We ran Bastille on a L2000 server and because we run HPOV ITO this caused a problem when the Bastille tool converted the server into a "trusted system". The problem occurs when it enables password aging.

Is there a way to turn off password aging? I disabled it after Bastille ran but I would like to have it disabled during and after Bastille runs. Does Bastille have this option? Is there some way I can disable password aging so that Bastille won't enable it?

10 points to any good answer.
Thank you Gino.

5 REPLIES
harry d brown jr
Honored Contributor
Solution

Re: Bastille - password aging issue.

Gino,

Read this thread, Keith Buck says you can customize the security:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x4f9793e260b0d611abdb0090277a778c,00.html

live free or die
harry
Live Free or Die
Keith Buck
Respected Contributor

Re: Bastille - password aging issue.

Gino,

From my samlog when I use SAM to disable password aging:

Executing the following command:
/usr/lbin/modprdef -m \
usrpick=YES,rstrpw=NO,nullpw=NO,syspnpw=YES,syschpw=NO,sysltpw=YES,bootpw=NO,mintm=0,lftm=0,exptm=0,expwarn=0,umaxlntr=3,llog=-1,tmaxlntr=10,dlylntr=2,lntmout=0,maxpwln=8

Note that that very long line is all on the same line, no spaces. Also note that this command does more things by setting all parameters explicitly. You should be able to do something shorter like:

/usr/lbin/modprdef -m mintm=0,exptm=0,lftm=0,llog=0,expwarn=0

(Formatting is coming across strangely, sorry...)

Bastille does not currently provide all of the knobs that SAM does in terms of setting specific password policies; it is more automated. We will add this to our futures list and continue to improve the flexibility in this area. Thanks for asking! :)

Also, thanks for the feedback about this specific option in OVO and its interrelationship with trusted mode/password aging. We'll at least add that to the question as a warning.
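
Added example (not part of Keith's post, and not HP or Bastille code): a POSIX sh check that reads a modprdef -m parameter string, such as the one SAM writes to samlog, and reports whether it leaves password aging disabled. It assumes the aging-related keys are mintm, exptm, lftm and expwarn, the four that both commands above set to 0; the function names and the third sample string are constructed for illustration.

```shell
#!/bin/sh
# Assumption: these four keys control password aging, and 0 means "off",
# as in both modprdef commands quoted in the thread.
AGING_KEYS="mintm exptm lftm expwarn"

# get_param PARAMS KEY: print the value of KEY in a comma-separated
# key=value string (last occurrence wins), or nothing if KEY is absent.
get_param() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS='=' read -r k v; do
        if [ "$k" = "$2" ]; then printf '%s\n' "$v"; fi
    done | tail -n 1
}

# aging_status PARAMS: print one of
#   disabled               every aging key is present and 0
#   enabled: key=val ...   at least one aging key is non-zero
#   incomplete: key ...    some aging keys are not set by this command,
#                          so the existing system default stays in force
aging_status() {
    enabled=""; missing=""
    for key in $AGING_KEYS; do
        val=$(get_param "$1" "$key")
        if [ -z "$val" ]; then
            missing="$missing $key"
        elif [ "$val" != "0" ]; then
            enabled="$enabled $key=$val"
        fi
    done
    if [ -n "$enabled" ]; then echo "enabled:$enabled"
    elif [ -n "$missing" ]; then echo "incomplete:$missing"
    else echo "disabled"
    fi
}

# Parameter strings: the two from the thread, plus one constructed sample.
SAM_PARAMS='usrpick=YES,rstrpw=NO,nullpw=NO,syspnpw=YES,syschpw=NO,sysltpw=YES,bootpw=NO,mintm=0,lftm=0,exptm=0,expwarn=0,umaxlntr=3,llog=-1,tmaxlntr=10,dlylntr=2,lntmout=0,maxpwln=8'
SHORT_PARAMS='mintm=0,exptm=0,lftm=0,llog=0,expwarn=0'
AGED_PARAMS='mintm=0,exptm=90,lftm=0,expwarn=14'   # constructed sample

for p in "$SAM_PARAMS" "$SHORT_PARAMS" "$AGED_PARAMS"; do
    aging_status "$p"
done
```
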
Gino Castoldi_2
Honored Contributor

Re: Bastille - password aging issue.

Keith,

From what you are saying, Bastille currently does not have the option of disabling the "password expiration" function.

I can disable this option after the fact with SAM.

If I disabled password expirations (SAM) before I run the Bastille tool will this stop Bastille from doing so when it is run?

10 points to any good answer.
Thank you Gino.
Keith Buck
Respected Contributor

Re: Bastille - password aging issue.

If I disabled password expirations (SAM) before I run the Bastille tool will this stop Bastille from doing so when it is run?

Yes. Bastille will detect that the system is already trusted and not take any action. We're working on functionality which will detect this case and not even ask the question.

Maybe in the future we'll get more granular options within Bastille for password policies, etc. but for now we'll leave that in the realm of SAM. (SAM has a lot of functionality in this area and it would be a lot of work to duplicate all of it, and I wouldn't know where to stop.)

Hope that helps.
Gino Castoldi_2
Honored Contributor

Re: Bastille - password aging issue.

Hi Keith,

Thank you for your reply.

I followed your advice and I "trusted" the system first using SAM and then I disabled the "Password Aging" option.

Afterwards I ran Bastille and it didn't expire the passwords, so this looks like the way to get around this problem.

(10 points to any good answer)
Thank you again Gino.