HPE Community
Operating System - HP-UX
1822497 Members
2563 Online
109642 Solutions
New Discussion юеВ

HP UX password problem

 
Balasubramaniyan
New Member

тАО12-18-2010 01:30 AM

тАО12-18-2010 01:30 AM

HP UX password problem

Hi to everyone.
I try to set a new password policy in hp ux. So i login as root in HP ux and edit the file /etc/default/security as follows:
min password length 10
min uppercase 2
min lowercase 1
min digits 1
min special character 1
min password change 0
warning days 7
max password change 14

The file is successfully saved.

After that when i login in hp ux as user account, unable to change my password.

The error is as follows:
passwd
current password:XXXXX
New password:YYYY
password too short it must be atleast 10 character.

I entered new password according to my password policy.

Please give a solution for this.
0 Kudos
Reply
5 REPLIES 5
Steven Schweda
Honored Contributor

тАО12-18-2010 07:13 AM

тАО12-18-2010 07:13 AM

Re: HP UX password problem

> [...] in hp ux. [...]

Not a very detailed description of anything,
but then why ask in a Linux forum?

uname -a

> min password length 10

> New password:YYYY
> password too short it must be atleast 10 character.
>
> I entered new password according to my
> password policy.

Perhaps you did, but "YYYY" does not look to
me as if it had a length of at least 10
characters (or at least one digit, or ...).
But, of course, with my weak psychic powers,
it's hard for me to know exactly what you put
in, if all you'll say is "YYYY".

> Please give a solution for this.

Please give a less worthless description of
what you did. (And did the actual message
say "atleast"?)


As usual on HP-UX, you might look at the
special characters in the list from:

stty -a

Trying to use those in a password can lead to
problems.
0 Kudos
Reply
Patrick Wallek
Honored Contributor

тАО12-19-2010 11:10 PM

тАО12-19-2010 11:10 PM

Re: HP UX password problem

I hope you used the correct syntax for the options and the file, and not what you have posted.

The correct form of all options in /etc/default/security (as defined in the 'man security' page on my HP-UX 11.11 system) for what you have selected are:

MIN_PASSWORD_LENGTH=10
PASSWORD_MIN_UPPER_CASE_CHARS=2
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_MIN_SPECIAL_CHARS=1

My security man page does not define equivalents for the min password change time, warning day or max password change time. These may be available but you need to check the man page for whatever version of HP-UX you are using.

Note also that the options are in all upper case in the man page, which is probably a good indication that they should be that way in the security file as well.
0 Kudos
Reply
Balasubramaniyan
New Member

тАО12-19-2010 11:38 PM

тАО12-19-2010 11:38 PM

Re: HP UX password problem

Very thanks for the reply. Here i typed what i did in the hp ux in step by steps:

HP UX version is as follows:
uname -a
HP-UX hpunix B.11.31 U ia64

vi /etc/default/security

UMASK=22
ABORT_LOGIN_ON_MISSING_HOMEDIR=1SK=22
ABORT_LOGIN_ON_MISSING_HOMEDIR=1
NOLOGIN=1
SU_DEFAULT_PATH=/sbin:/usr/sbin:/usr/bin
PASSWORD_WARNDAYS=7
PASSWORD_MINDAYS=0
PASSWORD_MAXDAYS=14
PASSWORD_MIN_UPPER_CASE_CHARS=2
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_HISTORY_DEPTH=5
MIN_PASSWORD_LENGTH=10
PASSWORD_MIN_SPECIAL_CHARS=1

I set the password values as above and saved the file successfully.

Then after i created a new user in root as follows:
.> useradd sample
.> passwd sample
New Password: Password
Re-enter the Password: Password
Password token successfully updated.

The user account (sample) is successfully created.

Then after i enter in hpux using sample account and try to change the password as follows:
passwd
current password: Password
New password: ASd1+qwert
Password too short it must be atleast 10 character

The above messages comes for all the combinations of password, eventhough it satisfy the above password policy(for all user account).

What could be the actual mistake or problem i did?

Waiting for reply.
0 Kudos
Reply
rajesh_32
Advisor

тАО12-20-2010 03:38 AM

тАО12-20-2010 03:38 AM

Re: HP UX password problem

see man security
MIN_PASSWORD_LENGTH
This attribute controls the minimum length of new passwords. On trusted systems it applies to all users. On standard systems it applies to non-root local users and to NIS users. The system-wide default defined here may be overridden by defining per-user values in /var/adm/userdb (described in
userdb(4)).


MIN_PASSWORD_LENGTH=N
New passwords must contain at least N characters. For standard systems, N
can be any value from 3 to 8. For trusted
systems, N can be any value from 6 to 80.

Default value: MIN_PASSWORD_LENGTH=6

Here MIN_PASSWORD_LENGTH=10
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО12-20-2010 04:23 AM

тАО12-20-2010 04:23 AM

Re: HP UX password problem

Which password storage mode are you using?

HP-UX 11.31 has three options:

a) the legacy Unix way (hashed passwords in /etc/passwd)
b) Trusted System Mode (hashed passwords in /tcb/files/auth/?/* files): if file /tcb/files/auth/system/default exists, you're using this mode.
c) shadow passwords (hashed passwords in /etc/shadow): if /etc/shadow exists, you're using this mode.

The legacy Unix way (mode a) does not allow passwords longer than 8 characters: each time you enter a password, any extra characters beyond the first 8 are cut off. This is to maintain compatibility with the legacy Unix password hashing algorithm crypt(). If you're using this mode and set the minimum password length policy to value larger than 8, you create a situation where a normal user cannot change the password at all. Root can still set passwords, because root authority overrides the password policy.


Mode b), the Trusted System Mode, uses bigcrypt() instead of crypt() to generate password hashes, so it can potentially handle longer passwords. The maximum allowed password length is controlled by u_maxlen value, which is normally set system-wide, but can be set individually for each user.

Normally this limit value is set to 8 characters, to maximize compatibility with traditional Unix systems. This might be cutting your password back to 8 characters, making it too short.

To see the system-wide default maximum password length in Trusted System Mode, run:
/usr/lbin/getprdef -m maxpwln

If you think a user-specific maximum length has been set, run:
/usr/lbin/getprpw -m maxpwln

If it responds "maxpwln=-1", it means the system-wide default is in effect for that user.


With shadow passwords (mode c) the default password encryption algorithm still limits you to 8-character passwords only, but if you install the optional PHI11i3 package, you can use a newer password hashing algorithm that removes this limitation:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PHI11i3

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=LongPassword11i3

Rajesh already pointed to you the documented limits for the minimum password length policy setting: here I've tried to explain what is the cause of those limits.

MK
MK
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.