HPE Community
Operating System - HP-UX
1832686 Members
2856 Online
110043 Solutions
New Discussion

default passwd settings on "non trusted" system

 
SOLVED
Go to solution
Paul Ettema
Advisor

‎10-21-2009 12:58 AM

‎10-21-2009 12:58 AM

default passwd settings on "non trusted" system

We have a "non trusted" hp-ux 11i system
and I want to know:
What the default security settings are.

There is a directory /etc/default/ but no file "security"

Paul.
0 Kudos
11 REPLIES 11
Sunny Jaisinghani
Trusted Contributor

‎10-21-2009 02:37 AM

‎10-21-2009 02:37 AM

Re: default passwd settings on "non trusted" system

copy the file from some other server and change the variables as per your need
0 Kudos
Sunny Jaisinghani
Trusted Contributor

‎10-21-2009 02:53 AM

‎10-21-2009 02:53 AM

Re: default passwd settings on "non trusted" system

IF your server is non trusted then some security features from /etc/default/security won't work as those features depend on the tcb database.

Which security features are you lookig for???
0 Kudos
Paul Ettema
Advisor

‎10-21-2009 02:57 AM

‎10-21-2009 02:57 AM

Re: default passwd settings on "non trusted" system

Hi Sunny,

like: min/max password length
0 Kudos
R.K. #
Honored Contributor

‎10-21-2009 03:02 AM

‎10-21-2009 03:02 AM

Re: default passwd settings on "non trusted" system

Hi Paul..

Password length is governed by "/etc/default/security" file.

Inside that file you will find:

MIN_PASSWORD_LENGTH
This parameter controls the minimum length of new passwords. It is not applicable to the root user on an untrusted system.

MIN_PASSWORD_LENGTH=N New passwords must contain at least N characters. For untrusted systems N can be any value from 6 to 8. For trusted systems N can be any value from 6 to 80.

Hope this helps..
Don't fix what ain't broke
0 Kudos
R.K. #
Honored Contributor

‎10-21-2009 03:03 AM

‎10-21-2009 03:03 AM

Re: default passwd settings on "non trusted" system

Hi Again,

Try using sam for this:
SAM -> Auditing and Security -> System Security Policies -> Password Format policies -> maximum password length

Regds..
Don't fix what ain't broke
0 Kudos
Hakki Aydin Ucar
Honored Contributor

‎10-21-2009 03:39 AM

‎10-21-2009 03:39 AM

Re: default passwd settings on "non trusted" system

>RK :MIN_PASSWORD_LENGTH

it is good for Trusted Systems not untrusted systems.
0 Kudos
Hakki Aydin Ucar
Honored Contributor

‎10-21-2009 03:45 AM

‎10-21-2009 03:45 AM

Re: default passwd settings on "non trusted" system

Correction for my answer to RK:

/etc/default/security will give the only parameter for non-trusted systems:

MIN_PASSWORD_LENGTH=N New passwords must contain at least N characters. For non-trusted systems N can be any value from 6 to 8, while can be any value from 6 to 80 for Trusted system.
0 Kudos
Ganesan R
Honored Contributor

‎10-21-2009 04:19 AM

‎10-21-2009 04:19 AM

Re: default passwd settings on "non trusted" system

Hi Paul,

There won't be any security settings implied to the users if the systems is not trused or /etc/default/security files doesn't exist.

You can copy or create security file by your own. To know more about the parameters in security file and it's explanations, read the man page or go here..

http://docs.hp.com/en/B2355-60127/security.4.html
Best wishes,

Ganesh.
0 Kudos
Paul Ettema
Advisor

‎10-22-2009 03:12 AM

‎10-22-2009 03:12 AM

Re: default passwd settings on "non trusted" system

@(1) R.K.#
no file "/etc/default/security"

@(2) R.K.#
Then I got dthe message "You need to convert to a Trusted System before proceeding. ..."

@(1) Hakki Aydin
I have "non trusted"

@(2) Hakki Aydin
Where is it defined on "non trusted"? I don't have "/etc/default/security"

0 Kudos
F Verschuren
Esteemed Contributor

‎10-22-2009 03:28 AM

‎10-22-2009 03:28 AM

Solution

Re: default passwd settings on "non trusted" system

if you do not have the file,
the max passwd is 8 (you can use more caracters, but you will see that when entering the passwd the firat 8 are enauf to login.. so if somebody is thinking he has a 9 caracter passwd when youing to trusted mode ore when setting the max om 9 his passwd wil nologer work (unless he is only typing the first 8)

there is no other limitation to the passwd that are used

ps some passwd settings like max passwd age that can be set in the /etc/passwd file. if this options are used you encripted passwd fielt in the /etc/passwd is getting longer, for more info man passwd.

Alsow it is poseble to gain a shadow file, please check if you have one (this will change my anwser)
0 Kudos
Paul Ettema
Advisor

‎11-03-2009 11:45 PM

‎11-03-2009 11:45 PM

Re: default passwd settings on "non trusted" system

Thanks all for input.
it is clear for me now (and for auditor)

Paul.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.