Re: how to specify MINIMUM number of characters in user passwd?

Joe Robinson_2 · ‎11-12-2004

I'm running 11.00. I need to have my users use a passwd w/ at least 10 characters to meet new security regs, but the only parameter I have found in security settings is a maximum number of characters. Does HP-UX support this somewhere?

Thanks in advance,
Joe

Joe Robinson_2 · ‎11-12-2004

Forgot to mention, the system IS trusted.

Jean-Luc Oudart · ‎11-12-2004

/etc/default/security
parameter is :
# MIN_PASSWORD_LENGTH
# This parameter controls the minimum length of new passwords.
# passwords. It is not applicable to the root user on a untrusted
#
# MIN_PASSWORD_LENGTH=N New passwords must contain at least N
# characters. For untrusted systems N can be any value from 6 to 8.

Regards
Jean-Luc

fiat lux

Sridhar Bhaskarla · ‎11-12-2004

Hi Joe,

Use /etc/default/security file. On 11.0, you will need to install a patch. I believe the latest patch is PHCO_29249.

Use MIN_PASSWORD_LENGTH to set to your requirements.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try

Bill Hassell · ‎11-12-2004

I would run the security_patch_check script to get all the recent patches (which will include the latest man page for security. There are many features in the security file as well as the global Trusted Systems directory that control the acceptability of a new password. The attached script will summarize your current settings.

Bill Hassell, sysadmin

Joe Robinson_2 · ‎11-15-2004

should have included this in previous post; is there a way to make the system HAVE to use at least 2 special characters?

Patrick Wallek · ‎11-15-2004

If you have the patches installed that enable the use of /etc/default security, do a 'man security'. There should be a keyword you can use in the file called PASSWORD_MIN_SPECIAL_CHARS and it use is

PASSWORD_MIN_SPECIAL_CHARS=2

or whatever number of special characters you want.

Joe Robinson_2 · ‎11-30-2004

just a follow up...does HPUX support forcing a user to use a certain number of upper and lower case characters as well? Thanks!

Jean-Luc Oudart · ‎11-30-2004

Joe

same config file.
You want to look at these parameters :
#PASSWORD_MIN_UPPER_CASE_CHARS

#PASSWORD_MIN_LOWER_CASE_CHARS

#PASSWORD_MIN_DIGIT_CHARS=2

#PASSWORD_MIN_SPECIAL_CHARS

Regards
Jean-Luc

fiat lux

Jean-Luc Oudart · ‎11-30-2004

You can also check description with :
http://docs.hp.com/cgi-bin/onlinedocs.py?mpn=B2355-60105&service=hpux&path=00/40/4035&title=HP-UX%20Reference%20%2811i%20v2%2004/09%29

Regards
Jean-Luc

fiat lux

Bill Hassell · ‎11-30-2004

Herer is a sample /etc/security file with lots of comments. As mentioned, some of these options do nothing unless you have the latest security patches:

# Security file: /etc/default/security
# man security

# Features depend on HP-UX rev and patches. Not all features are
# available on older systems.
#
# Comments (#) allowed only on separate line,
# no trailing # following a parameter or it
# will invalidate the setting

# Access controls (11.0 and higher)
#################

NOLOGIN=1
NUMBER_OF_LOGINS_ALLOWED=0
ABORT_LOGIN_ON_MISSING_HOMEDIR=0

# Single user mode authorization (11i and non-trusted only)
###########################################################

# Requires root password to get into single user mode
# BOOT_AUTH=1

# Users (besides root) that can boot into single user mode
# BOOT_USERS=bill,jane,joe

# Password controls - Trusted
###################

MIN_PASSWORD_LENGTH=6
PASSWORD_HISTORY_DEPTH=1
PASSWORD_MIN_UPPER_CASE_CHARS=0
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_MIN_SPECIAL_CHARS=0

# Non-Trusted or shadow password setup only:
# defaults: MAXDAYS=-1 MINDAYS=0 WARNDAYS=0

# PASSWORD_MAXDAYS=120
# PASSWORD_MINDAYS=7
# PASSWORD_WARNDAYS=7

# Session controls
##################

SU_ROOT_GROUP=suroot
SU_DEFAULT_PATH=/usr/bin:/usr/contrib/bin:
UMASK=022
# SU_KEEP_ENV_VARS=LD_LIBRARY_PATH,SHLIB_PATH,LD_PRELOAD

Bill Hassell, sysadmin

Joe Robinson_2 · ‎04-11-2005

Is there a means to only allow certain special characters (some conflict with our Oracle rdbms such as @,$, etc.)

Thanks,
Joe Robinson

Bill Hassell · ‎04-11-2005

No, HP-UX does not have a mechanism to restrict password character choices. Password choices collide with MANY different systems including Windows, Macs, Oracle, other versions of HP-UX (trusted versus untrusted), Linux, etc). Depending on how much spare time you have, LDAP may be the solution (single sign-on authority).

Bill Hassell, sysadmin

Joe Robinson_2 · ‎04-11-2005

ahhhh...LDAP. My programmer will be so thrilled :)

Thanks for the assist!

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: how to specify MINIMUM number of characters in user passwd?

how to specify MINIMUM number of characters in user passwd?