Solved: default passwd settings on "non trusted" system

Paul Ettema · ‎10-21-2009

We have a "non trusted" hp-ux 11i system
and I want to know:
What the default security settings are.

There is a directory /etc/default/ but no file "security"

Paul.

Sunny Jaisinghani · ‎10-21-2009

copy the file from some other server and change the variables as per your need

Sunny Jaisinghani · ‎10-21-2009

IF your server is non trusted then some security features from /etc/default/security won't work as those features depend on the tcb database.

Which security features are you lookig for???

Paul Ettema · ‎10-21-2009

Hi Sunny,

like: min/max password length

R.K. # · ‎10-21-2009

Hi Paul..

Password length is governed by "/etc/default/security" file.

Inside that file you will find:

MIN_PASSWORD_LENGTH
This parameter controls the minimum length of new passwords. It is not applicable to the root user on an untrusted system.

MIN_PASSWORD_LENGTH=N New passwords must contain at least N characters. For untrusted systems N can be any value from 6 to 8. For trusted systems N can be any value from 6 to 80.

Hope this helps..

Don't fix what ain't broke

R.K. # · ‎10-21-2009

Hi Again,

Try using sam for this:
SAM -> Auditing and Security -> System Security Policies -> Password Format policies -> maximum password length

Regds..

Don't fix what ain't broke

Hakki Aydin Ucar · ‎10-21-2009

>RK :MIN_PASSWORD_LENGTH

it is good for Trusted Systems not untrusted systems.

Hakki Aydin Ucar · ‎10-21-2009

Correction for my answer to RK:

/etc/default/security will give the only parameter for non-trusted systems:

MIN_PASSWORD_LENGTH=N New passwords must contain at least N characters. For non-trusted systems N can be any value from 6 to 8, while can be any value from 6 to 80 for Trusted system.

Ganesan R · ‎10-21-2009

Hi Paul,

There won't be any security settings implied to the users if the systems is not trused or /etc/default/security files doesn't exist.

You can copy or create security file by your own. To know more about the parameters in security file and it's explanations, read the man page or go here..

http://docs.hp.com/en/B2355-60127/security.4.html

Best wishes,

Ganesh.

Paul Ettema · ‎10-22-2009

@(1) R.K.#
no file "/etc/default/security"

@(2) R.K.#
Then I got dthe message "You need to convert to a Trusted System before proceeding. ..."

@(1) Hakki Aydin
I have "non trusted"

@(2) Hakki Aydin
Where is it defined on "non trusted"? I don't have "/etc/default/security"

F Verschuren · ‎10-22-2009

if you do not have the file,
the max passwd is 8 (you can use more caracters, but you will see that when entering the passwd the firat 8 are enauf to login.. so if somebody is thinking he has a 9 caracter passwd when youing to trusted mode ore when setting the max om 9 his passwd wil nologer work (unless he is only typing the first 8)

there is no other limitation to the passwd that are used

ps some passwd settings like max passwd age that can be set in the /etc/passwd file. if this options are used you encripted passwd fielt in the /etc/passwd is getting longer, for more info man passwd.

Alsow it is poseble to gain a shadow file, please check if you have one (this will change my anwser)

Paul Ettema · ‎11-03-2009

Thanks all for input.
it is clear for me now (and for auditor)

Paul.

default passwd settings on "non trusted" system

default passwd settings on "non trusted" system

Re: default passwd settings on "non trusted" system

Re: default passwd settings on "non trusted" system

Re: default passwd settings on "non trusted" system

Re: default passwd settings on "non trusted" system

Re: default passwd settings on "non trusted" system

Re: default passwd settings on "non trusted" system

Re: default passwd settings on "non trusted" system

Re: default passwd settings on "non trusted" system

Re: default passwd settings on "non trusted" system

Re: default passwd settings on "non trusted" system

Re: default passwd settings on "non trusted" system