HPE Community
Operating System - HP-UX
1832058 Members
3182 Online
110034 Solutions
New Discussion

check password strength

 
Simon Jespersen
Frequent Advisor

‎05-18-2006 09:49 PM

‎05-18-2006 09:49 PM

check password strength

Hi! Ive have done some modifiction on user security and have done a scan with enterprise security manager (symantec software) and i get reports saying.


User without system password strength The passwords for the accounts listed have not been checked by the system's password strength program. All passwords should be checked both by the system's password strength program and by Symantec ESM's Password Strength module.

what do esm mean by systems password strength program ?

0 Kudos
Reply
6 REPLIES 6
RAC_1
Honored Contributor

‎05-18-2006 10:12 PM

‎05-18-2006 10:12 PM

Re: check password strength

I do not think hp has something like that. HP system can have trusted computer base and extended security system(I think only for latest OS versions)

Symantech ESM should have required details in documents.
There is no substitute to HARDWORK
0 Kudos
Reply
Chan 007
Honored Contributor

‎05-18-2006 10:19 PM

‎05-18-2006 10:19 PM

Re: check password strength

Hi Simon,

I guess some of your user's password fails in one of the following

Minimum Length
History Length
Require non-alphabetic character
Maximum Password Age
Number of Invalid Logins before lock out
Reset Locout counter-reset after
Reset local out after duration

These are the paramenter that Password Strength is calculated. The log file is password.m, that will have the details of the errors that you getting check that to solve the problem

Hope this helps
Chan
0 Kudos
Reply
Simon Jespersen
Frequent Advisor

‎05-18-2006 10:28 PM

‎05-18-2006 10:28 PM

Re: check password strength

Hi thank you for the anwsers im chekking out your replies, how can i se if a system is running in a trusted mode, our servers are suppose do run tcb. but i want to be shure.
0 Kudos
Reply
Chan 007
Honored Contributor

‎05-18-2006 11:01 PM

‎05-18-2006 11:01 PM

Re: check password strength

Simon,

Even though you have a trusted system , you can have this ems s/w configured on you system.

To check you are in a trusted system check the following,

you will have all users in /tcb/files/auth

check r directory for root users information, if you have a user called simon, his information will be in s (lowercase).

emc process will run as agent. So check the logs as said in the prev thread.

Try downloading EMS documents from Symentec website.

Chan
0 Kudos
Reply
RAC_1
Honored Contributor

‎05-18-2006 11:24 PM

‎05-18-2006 11:24 PM

Re: check password strength

You can run following commands to do some certain basic checking
grpck
authck
pwck
/usr/sbin/logins -d
/usr/sbin/logins -p
There is no substitute to HARDWORK
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎05-19-2006 12:59 AM

‎05-19-2006 12:59 AM

Re: check password strength

The Symantec program may or may not be compatible with HP-UX Trusted systems. If you do not have a directory /tcb, then you have don't have any password strength features. But if you have a Trusted system (or you convert to Trusted), you should have created and edited the file /etc/default/security and add the features listed in the man page for security. These features should be set to correspond to your corporate security standards.

The Symantec generic term "system's password strength program" is referring to the passwd program in HP-UX which uses either standard password policies (not Trusted) or looks at the /tcb default policies as well as the security file. SAM can display the password policies currently set on your system.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.