HPE Community
Operating System - HP-UX
1833012 Members
2775 Online
110048 Solutions
New Discussion

/etc/default/security file on an untrusted system

 
SOLVED
Go to solution
Michael Campbell
Trusted Contributor

‎09-10-2002 12:35 AM

‎09-10-2002 12:35 AM

/etc/default/security file on an untrusted system

Folks

Can the following parameters be set in the /etc/default/security file on an untrusted system?

PASSWORD_HISTORY_DEPTH
PASSWORD_MIN_UPPER_CASE_CHARS
PASSWORD_MIN_LOWER_CASE_CHARS
PASSWORD_MIN_DIGIT_CHARS
PASSWORD_MIN_SPECIAL_CHARS

We don't want to convert to trusted but we have installed the PHCO_26089 patch.

Any help appreciated.

Michael
0 Kudos
Reply
3 REPLIES 3
Darren Prior
Honored Contributor

‎09-10-2002 01:46 AM

‎09-10-2002 01:46 AM

Solution

Re: /etc/default/security file on an untrusted system

Hi Michael,

Yes you can use those functions on an untrusted system. Please note that according to the patch text:

"These parameters have effect only when a password is changed. On untrusted systems, these parameters do not apply to the root user. The file /etc/default/security should be owned by root and have 0644 permissions."

Root can still override the rules when changing a user password.

If you attempt to change a password to something that doesn't comply with the rules you'll see a message like:

"The password entered is not valid. Valid password must contains at least:

2 upper case character(s)
3 lower case character(s)
etc.."

regards,

Darren.
Calm down. It's only ones and zeros...
Reply
Pete Randall
Outstanding Contributor

‎09-10-2002 02:17 AM

‎09-10-2002 02:17 AM

Re: /etc/default/security file on an untrusted system

Michael,

Absolutely! We've been using the SU_ROOT_GROUP feature on untrusted systems for quite some time now.

Enjoy,
Pete

Pete
0 Kudos
Reply
doug hosking
Esteemed Contributor

‎09-11-2002 02:08 AM

‎09-11-2002 02:08 AM

Re: /etc/default/security file on an untrusted system

All on your list EXCEPT the PASSWORD_HISTORY_DEPTH should work fine when not in trusted mode. That one won't work because the password history info is stored under /tcb, which doesn't exist except in trusted mode.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.