HPE Community
Operating System - HP-UX
1847177 Members
5192 Online
110263 Solutions
New Discussion

HP-UX password program

 
SOLVED
Go to solution
Karen Hall
Occasional Contributor

‎07-05-2002 12:29 PM

‎07-05-2002 12:29 PM

HP-UX password program

I would really like to modify the interactive statements for users changing their own passwords with something a little more descriptive of what the password program is expecting. Like "Your password has expired. Choose a new 8 character password with at least one numeric and one alpha character."

Any ideas other than stealing UNIX password program code?
0 Kudos
Reply
3 REPLIES 3
Tim D Fulford
Honored Contributor

‎07-05-2002 12:51 PM

‎07-05-2002 12:51 PM

Re: HP-UX password program

Try HP porting center & look for npasswd

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/npasswd-1.2.4/

It does not look tremendously promising from man pages but you can get the source code & put in your own messages.

Tim
-
0 Kudos
Reply
Daimian Woznick
Trusted Contributor

‎07-05-2002 12:58 PM

‎07-05-2002 12:58 PM

Re: HP-UX password program

The passwd+ program can also be customized fairly easily.

http://www.ja.net/CERT/Software/passwd+/

Don't know if this helps.
0 Kudos
Reply
doug hosking
Esteemed Contributor

‎07-06-2002 03:38 AM

‎07-06-2002 03:38 AM

Solution

Re: HP-UX password program

Replacing the standard passwd programs is probably a bad idea. Too often it causes unexpected interactions with other programs. Before you go down that route you might want to try this:

If you have recent PAM patches, you can configure options that let you specify more password selection rules like this. The error messages will tell you:

$ passwd bin
Changing password for bin
Old password:
New password:
Password too short - must be at least 6 characters
New password:
The password entered is not valid. Valid passwords must contain at least:
1 upper case character(s),
0 lower case charcter(s),
1 digit(s), and
0 special character(s)
New password:

The rules are specified in
/etc/default/security as
explained below. You can customize them to meet your site's policies.

PHCO_24839 (11.11) or PHCO_26089 (11.00)
are the patches you would want to look at.

Quoting from the doc for
PHCO_24390 where this was originally introduced:

A site's security policies sometimes require new passwords
to contain specific numbers or types of characters, such as
at least two digits and at least one special character.
Resolution:
In addition to the standard password requirements,
optional entries in the file /etc/default/security specify
the minimum number of required characters of each type
(upper case characters, lower case characters, digits
and special characters) in a new password.
PASSWORD_MIN_UPPER_CASE_CHARS=N
PASSWORD_MIN_LOWER_CASE_CHARS=N
PASSWORD_MIN_DIGIT_CHARS=N
PASSWORD_MIN_SPECIAL_CHARS=N
The default value for N is 0. These parameters have
effect only when a password is changed. On untrusted
systems, these parameters do not apply to the root user.
The file /etc/default/security should be owned by root and
have 0644 permissions.
As an example, to require passwords at least 8 characters
long, composed of at least 5 upper case characters, 2
lower case characters and a digit, include the following
lines in /etc/default/security, as specified above:
PASSWORD_MIN_UPPER_CASE_CHARS=5
PASSWORD_MIN_LOWER_CASE_CHARS=2
PASSWORD_MIN_DIGIT_CHARS=1

Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.