Operating System - HP-UX

Re: Changing password construction requirements on trusted system

 
SOLVED
Bruce Rhind
New Member

Changing password construction requirements on trusted system

We have converted to trusted systems on our 10.x and 11.x systems.

Is there a way to override the HP-UX password construction requirements that force a password to have at least 1 numeric character?

It'd be nice to allow just the root user to be able to do this. I've reviewed the options for the modprpw and modprdef commands as well as the /etc/default/security file, and see no options to override this setting.

Does anyone know if this is possible? Or, am I requesting something that defeats the purpose of converting to a trusted system in the first place...

Thanks.
Beer is food.
Stefan Farrelly
Honored Contributor
Solution

Re: Changing password construction requirements on trusted system

 
I'm from Palmerston North, New Zealand, but somehow ended up in London...
Armin Feller
Honored Contributor

Re: Changing password construction requirements on trusted system

modprdef(1M) is used to modify the security policies, i.e.:

# /usr/lbin/modprdef -m usrpick=YES,rstrpw=YES,nullpw=NO,syspnpw=NO,syschpw=YES,sysltpw=YES,bootpw=NO,umaxlntr=4,llog=0,tmaxlntr=11,dlylntr=1,lntmout=10,maxpwln=7

Password Format Policies:

maxpwln ==> Maximum Password Length
nullpw ==> Allow Null Passwords
rstrpw ==> Use Restriction Rules
usrpick ==> User Specifies
syschpw ==> System Generates Character
sysltpw ==> System Generates Letters only
syspnpw ==> System Generates Pronounceable

Password Aging Policies

exptm ==> Password Expiration Time (days)
expwarn ==> Password Expiration Warning Time (days)
lftm ==> Password Life Time (days)
mintm ==> Time Between Password Changes (days)

NOTE: If password aging is disabled, all above parameters are set to 0.

General User Account Policies

bootpw ==> Require Login Upon Boot To Single-User State
llog ==> Maximum Inactive Time (days)
umaxlntr ==> Unsuccessful login Tries Allowed

NOTE: If Lock Inactive Accounts is disabled, llog is set to 0.

Terminal Security Policies

dlylntr ==> Delay Between Login Tries (sec)
lntmout ==> Login Timeout Value (sec)
tmaxlntr ==> Unsuccessful Login Tries Allowed
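
A way to check a policy list before it is passed to modprdef -m, as an added example that is not part of the original post or of HP-UX. The function name lint_policy and the finding labels are hypothetical; the field names and their YES/NO or numeric types are the ones listed above, and treating nullpw=YES and rstrpw=NO as weak is this example's assumption.

```shell
#!/bin/sh
# Added example: lint a modprdef -m "field=value,..." list before running it.
# Field names and value types follow the list in the post above; the two
# "weak:" findings are this example's assumptions, not HP-UX output.
BOOL_FIELDS="nullpw rstrpw usrpick syschpw sysltpw syspnpw bootpw"
NUM_FIELDS="maxpwln exptm expwarn lftm mintm llog umaxlntr dlylntr lntmout tmaxlntr"

# Prints one finding per line; prints nothing when the list is clean.
lint_policy() {
    list=$(printf '%s' "$1" | tr -d ' \t\n')
    # A space inside the list splits it into separate shell arguments,
    # so every field after the space falls outside the -m option.
    [ "$list" = "$1" ] || echo "whitespace-in-list"
    old_ifs=$IFS
    IFS=,
    set -f    # no filename expansion while splitting on commas
    for pair in $list; do
        key=${pair%%=*}
        val=${pair#*=}
        case $pair in
            *=*) ;;
            *) echo "malformed:$pair"; continue ;;
        esac
        case " $BOOL_FIELDS " in
            *" $key "*)
                case $val in
                    YES|NO) ;;
                    *) echo "bad-value:$pair" ;;
                esac ;;
            *)
                case " $NUM_FIELDS " in
                    *" $key "*)
                        case $val in
                            ''|*[!0-9]*) echo "bad-value:$pair" ;;
                        esac ;;
                    *) echo "unknown-field:$key" ;;
                esac ;;
        esac
        case $pair in
            nullpw=YES) echo "weak:null-passwords-allowed" ;;
            rstrpw=NO)  echo "weak:restriction-rules-disabled" ;;
        esac
    done
    set +f
    IFS=$old_ifs
}

# Constructed sample: misspelled field, non-numeric length, two weak settings.
lint_policy "nulpw=NO,rstrpw=NO,maxpwln=seven,nullpw=YES"
```
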
Steve Steel
Honored Contributor

Re: Changing password construction requirements on trusted system

Hi

User specifiable Attributes are:
password length,
whether alpha and numeric or not.
You can set the amount (in days) after which an account will become inactive due to nobody signing in.

The following command will unlock the account.

/usr/lbin/modprpw -k userid


HPUX 11i includes man pages for modprpw, getprpw.

These pages are not available on 11.00.

Search on www.docs.hp.com

Regards

Steve Steel

Quote of the moment
-------------------
"We are drowning in information but starved for knowledge."
-- John Naisbitt
If you want truly to understand something, try to change it. (Kurt Lewin)
RAC_1
Honored Contributor

Re: Changing password construction requirements on trusted system

I think you can do it in trusted mode with modprdef.

Check the sysltpw option -- System Generates Letters only

There is no substitute to HARDWORK
Bruce Rhind
New Member

Re: Changing password construction requirements on trusted system

Thanks for the immediate responses.

It does not appear that modprpw has a setting to override the requirement for 1 numeric character in a password, even if root is setting the account.

I modified the user's password setup with the modprpw command, and changed the following parameters to "NO":

rstprpw=NO
syspnpw=NO
syschpw=NO
sysltpw=NO

However, when I issue "passwd testuser" and attempt to set the password to "foobar", I still get the response:

"Password must contain at least two alphabetic characters and at least one numeric or special character."

Any other ideas?
Beer is food.