Hi Rana:
> Do I need to create this file in the said path? Is it possible to configure this file according to my requirement keeping system untrusted?
Yes, you need to create the file named '/etc/default/security' if it doesn't already exist. The manpages detail the options and caveats.
Unless you are going to convert your system from an untrusted to a trusted environment, your mininum and maximum password length will be limited to 6-to-8 characters. Trusted systems allow the minimum length to range from 6-to-80.
Since untrusted systems enforce a password length minimum of six (6) for non-root users, the use of the '/etc/default/security' file on an untrusted system to alter password length doesn't offer more than a two-character increase to a minimum of eight (8). Too, only the first 8-characters of a password are significant on an untrusted system, so both your minimum *and* maxiumum size cannot exceed 8-characters thereon.
Certainly, however, there are other features and reasons to (1) enable the 'security' file (see the 'security(4)' manpages); (2) convert to a shadow password file (see the manpages for 'shadow(4)'); or (3) convert to a trusted system.
If you read the 'security(4)' manpages with these choices in mind, you will see that some of the configuation options for the 'security' file require either a shadow password environment or a trusted one.
Regards!
...JRF...
