HPE Community
Operating System - HP-UX
1819900 Members
2456 Online
109607 Solutions
New Discussion юеВ

How to enable Password Policy using /etc/default/security file

 
Michael R Louw
Occasional Contributor

тАО03-10-2010 06:48 AM

тАО03-10-2010 06:48 AM

How to enable Password Policy using /etc/default/security file

Dear Gurus,

I am currently busy testing the above-mentioned on a Testing Server. I created the /etc/default/security with the parameter that I want to implement on our Production server but when testing it does not work. The only parameter that work is " ABORT_LOGIN_ON_MISSING_HOMEDIR" parameter. The other parameters are as follows:

ABORT_LOGIN_ON_MISSING_HOMEDIR=1
MIN_PASSWORD_LENGTH=10
PASSWORD_HISTORY_DEPTH=5
PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_MIN_SPECIAL_CHARS=1
PASSWORD_MAXDAYS=45
PASSWORD_MINDAYS=0
PASSWORD_WARNDAYS=7

Is there something else that I should install/activate for this to work?

Thank you in advance.
Michael
0 Kudos
3 REPLIES 3
mvpel
Trusted Contributor

тАО03-10-2010 08:08 AM

тАО03-10-2010 08:08 AM

Re: How to enable Password Policy using /etc/default/security file

What do you mean by "does not work?" What kind of testing are you doing and what are the results of specific tests? Are you on a trusted-mode system, or do you have any security packages installed, such as shadow passwords or standard mode security extensions?

It won't block existing passwords that don't meet the criteria listed, for example - the minimums only apply to new passwords. The minimum length is not applicable to root on non-trusted systems, per the man page.

The PASSWORD_MIN stuff is only available if PHCO_24606 or later is installed, per the man page.

If your system is in trusted mode, you also need to check /tcb/files/auth/system/default, and each user's TCB database entry for values that may override these defaults.

The /etc/default/security file must be world-readable, also, per the man page, and this requirement would necessarily include the /etc and /etc/default directories.
0 Kudos
Pete Randall
Outstanding Contributor

тАО03-10-2010 08:17 AM

тАО03-10-2010 08:17 AM

Re: How to enable Password Policy using /etc/default/security file

What version of hp-ux are you running? On 11.11, for example, many of these options are available on trusted systems only:

"password history depth configuration is on a system basis and is supported in trusted system for users in files repository only"


Pete

Pete
0 Kudos
Michael R Louw
Occasional Contributor

тАО03-11-2010 04:16 AM

тАО03-11-2010 04:16 AM

Re: How to enable Password Policy using /etc/default/security file

None
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.