HPE Community
Operating System - HP-UX
1826499 Members
1782 Online
109692 Solutions
New Discussion

Excluding user account from /etc/default/security settings

 
SOLVED
Go to solution
James R Stewart
New Member

‎05-06-2010 07:10 AM

‎05-06-2010 07:10 AM

Excluding user account from /etc/default/security settings

Hello,
My company is implementing tighter security controls on our HP_UX 11.11 systems.

Existing service accounts exist (tied to the application on the box) that are used by many people all over the world.

Q: Is it possible for instance to exclude a user account "oracle" from the password policy settings contained in /etc/default/security/:
MIN_PASSWORD_LENGTH=8
PASSWORD_WARNDAYS=10
PASSWORD_MINDAYS=1
PASSWORD_MAXDAYS=56
PASSWORD_HISTORY_DEPTH=12

From my limited experience, the answer is no, but I wanted to ask those more knowledgeable.

Thanks,
James
0 Kudos
5 REPLIES 5
Patrick Wallek
Honored Contributor

‎05-06-2010 07:38 AM

‎05-06-2010 07:38 AM

Solution

Re: Excluding user account from /etc/default/security settings

No, that is not possible as far as I know.

The setting in /etc/default/security are global.
0 Kudos
atul2701
Frequent Advisor

‎05-06-2010 07:51 AM

‎05-06-2010 07:51 AM

Re: Excluding user account from /etc/default/security settings

Hi James,

if you are using trusted system than you can exclude oracle accont. For that you need to change the seetings for oracle user using modprpw command.
Atul Gupta
0 Kudos
Steven E. Protter
Exalted Contributor

‎05-06-2010 08:51 AM

‎05-06-2010 08:51 AM

Re: Excluding user account from /etc/default/security settings

Shalom James,

The password requirements can probably not be overridden. e.g. the complexity requirements. Though passwd and modprpw command may be able to be used to override the length of time a password is good.

To override complexity requirements you can set the oracle password with the root user. Be forewarned: Many security audits try and crack the password of important users. If you choose something too simple, it will show up on a security audit report.

I recall a company I worked with in India had a system hacked and the oracle password was guessed. The password was set to oracle. They bad!!!

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
James R Stewart
New Member

‎05-06-2010 09:53 AM

‎05-06-2010 09:53 AM

Re: Excluding user account from /etc/default/security settings

thank you all, you have answered my question
0 Kudos
James R Stewart
New Member

‎05-06-2010 10:01 AM

‎05-06-2010 10:01 AM

Re: Excluding user account from /etc/default/security settings

solution found
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.