Operating System - HP-UX

/etc/default/security and Trusted Systems

 
A. Daniel King_1
Super Advisor

Hi, folks.

Does /etc/default/security have any real meaning on a trusted system? Are there settings which are ignored? Does this file get deleted/created with [de]converting to a trusted system?

Overall, I'd like to hear about some anecdotal experience with this file, including specifics, gotchas, etc.

Thanks!
Command-Line Junkie
Sridhar Bhaskarla
Honored Contributor
Solution

Re: /etc/default/security and Trusted Systems

Hi,

Yes. /etc/default/security will provide more options like PASSWORD_HISTORY_DEPTH, password format like PASSWORD_MIN_UPPER_CASE_CHARS, PASSWORD_MIN_LOWER_CASE_CHARS etc., that cannot be set with modprpw commands on a trusted system.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try
Jeff Schussele
Honored Contributor

Re: /etc/default/security and Trusted Systems

Hi,

Yes - it's where you can define PW composition - i.e. minimum upper/lower case, min digits & special characters that must be included in PWs, as well as PW history depth, which won't allow PW repeats for so many iterations.
We use it on all of our servers.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Robert-Jan Goossens
Honored Contributor

Re: /etc/default/security and Trusted Systems

Hi,

Check this doc,

Europe
http://www4.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000066734723
US
http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000066734723

Document description: How to increase the password restrictions
Document id: KBRC00011604

Regards,
Robert-Jan
Bill Hassell
Honored Contributor

Re: /etc/default/security and Trusted Systems

/etc/default/security works on Trusted, non-Trusted and Shadow systems (but not on 10.20 or earlier). The man pages have not kept up with the changes since there are various modules that look at the security file. It is not created automatically. Attached is the most complete security file I can find.

NOTES:

- Not all options apply to 11.0 or even 11.11. It all depends on having the latest security patches, specifically for libpam.

- Not all options apply to Trusted (or non-Trusted or Shadow). The comments in the file will sort them out.

- There is no validity checker for the file. Thus, the only way to validate the setting is to test it. Note also that a # character anywhere on the line cancels the line (so trailing comments turn the entire line into a comment). For /etc/default/security, spelling counts!

Security in 11.0 and higher is defined in several places depending on whether the system is Trusted, Shadowed, or non-Trusted. Check the man pages for: authcap prpwd security getprpw


Bill Hassell, sysadmin
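
The rules in the last reply (no validity checker, a # anywhere on the line cancels the line, spelling counts) as a small lint script. This is an added example, not part of the original thread or an HP tool; the KNOWN list is an assumption holding only the parameter names mentioned in this thread, so extend it from security(4) on your own release.

```shell
#!/bin/sh
# Added example: lint for /etc/default/security, following the rules in the reply above.
# KNOWN is an assumption: it lists only names mentioned in this thread.
# Extend it from security(4) for your release and patch level.
KNOWN="PASSWORD_HISTORY_DEPTH PASSWORD_MIN_UPPER_CASE_CHARS PASSWORD_MIN_LOWER_CASE_CHARS"

# usage: lint_security [FILE]   (reads stdin without FILE; returns 1 if anything is flagged)
lint_security() {
    awk -v known="$KNOWN" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    /^[ \t]*$/ { next }                       # blank line
    /^[ \t]*#/ { next }                       # ordinary full-line comment
    /#/ {                                     # "#" later on the line: the setting is dropped
        printf "%d: IGNORED (# on line cancels it): %s\n", NR, $0
        bad = 1; next
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        eq = index(line, "=")
        if (eq < 2) { printf "%d: MALFORMED (expected NAME=value): %s\n", NR, line; bad = 1; next }
        name = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        if (!(name in ok)) { printf "%d: UNKNOWN name (check spelling): %s\n", NR, name; bad = 1 }
        else if (val == "") { printf "%d: EMPTY value: %s\n", NR, name; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample input, not a real system file.
sample_file() {
    cat <<'EOF'
# password policy
PASSWORD_HISTORY_DEPTH=8
PASSWORD_MIN_UPPER_CASE_CHARS=1   # at least one capital
PASSWORD_MIN_LOWERCASE_CHARS=1
PASSWORD_MIN_LOWER_CASE_CHARS=1
EOF
}

# Demo run on the constructed sample: flags line 3 (trailing comment) and line 4 (misspelled name).
sample_file | lint_security || true
```

A clean lint result only means the lines parse and the names are in your list; as the reply says, the setting itself still has to be tested on the system.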