
More /etc/default/security questions

 
John Lokka
New Member


I've been trying to set the PASSWORD_HISTORY_DEPTH=3 in the /etc/default/security file. One time, I set the file to bin:bin. A different time, I set it to 544 root:sys. This is on an HP-UX 11.00. I set the min change password time to 0, 5, 10, and 15 secs for testing purposes. I see the files being created in /tcb/file/auth/system/pwhist, but, apparently, they aren't being checked. Am I doing something wrong?
Mark Fenton
Esteemed Contributor

Re: More /etc/default/security questions

Per the man page, this works on Trusted Systems only.

"The password history depth configuration is on a system basis and is supported in trusted system for users in files repository only. This feature does not support the users in NIS or NISPLUS repositories."

If yours is not a trusted system, then it won't work....

Mark
Mark Fenton
Esteemed Contributor

Re: More /etc/default/security questions

never mind
Steven Sim Kok Leong
Honored Contributor

Re: More /etc/default/security questions

Hi,

"This file must be world readable and root writable"

To be precise, the permissions you should set should be 644 (rw-r--r--) instead of 544 (r-xr--r--).

On my system, I tested with PASSWORD_HISTORY_DEPTH=2. It works fine on my HP-UX 11.20, prevents me from alternating between two passwords by checking the previous two that I have entered.

Hope this helps. Regards.

Steven Sim Kok Leong
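
Added example (not part of the thread and not HP tooling): a POSIX sh check of the preconditions raised in the two replies above, namely mode 644 on the file, an uncommented PASSWORD_HISTORY_DEPTH value, and a trusted system. The function name audit_pwhist, its arguments, and the default marker directory /tcb/files/auth used to recognise a trusted system are assumptions; pass the paths that apply to your system.

```sh
#!/bin/sh
# Added example, not from the thread.
# usage: audit_pwhist [FILE] [OWNER] [TRUSTED_DIR]
#   TRUSTED_DIR default (/tcb/files/auth) is an assumption; pass your own path.
audit_pwhist() {
    sec_file=${1:-/etc/default/security}
    want_owner=${2:-root}
    trusted_dir=${3:-/tcb/files/auth}
    rc=0

    if [ ! -f "$sec_file" ]; then
        echo "FAIL: $sec_file does not exist"
        return 1
    fi

    # Parse ls -l rather than stat(1), which is not available everywhere.
    mode=$(ls -l "$sec_file" | awk '{ print $1 }')
    owner=$(ls -l "$sec_file" | awk '{ print $3 }')

    # "World readable and root writable" means 644; 544 drops the write bit.
    case $mode in
        -rw-r--r--*) echo "ok:   mode $mode" ;;
        *) echo "FAIL: mode $mode, expected -rw-r--r-- (644)"; rc=1 ;;
    esac

    if [ "$owner" = "$want_owner" ]; then
        echo "ok:   owner $owner"
    else
        echo "FAIL: owner $owner, expected $want_owner"; rc=1
    fi

    # This script takes the last uncommented assignment and strips whitespace.
    depth=$(awk -F= '$1 == "PASSWORD_HISTORY_DEPTH" { v = $2 }
                     END { gsub(/[ \t]/, "", v); print v }' "$sec_file")
    case $depth in
        '') echo "FAIL: PASSWORD_HISTORY_DEPTH is not set"; rc=1 ;;
        0*|*[!0-9]*) echo "FAIL: depth '$depth' is not a positive integer"; rc=1 ;;
        *) echo "ok:   PASSWORD_HISTORY_DEPTH=$depth" ;;
    esac

    # The quoted man page text limits the feature to trusted systems.
    if [ -d "$trusted_dir" ]; then
        echo "ok:   $trusted_dir present"
    else
        echo "FAIL: $trusted_dir missing; system does not look trusted"; rc=1
    fi
    return $rc
}
```

Run as `audit_pwhist` with no arguments to check the defaults; a non-zero exit status means at least one precondition failed.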
John Lokka
New Member

Re: More /etc/default/security questions

Sorry, I see I mistyped it. Yes, I do have the permissions set to 644. Were there any significant security changes between 11.00 and 11.20 that would allow this functionality to become reality? Steven Sim Kok Leong, did you ever try this on an 11.00 system?
Steven Sim Kok Leong
Honored Contributor

Re: More /etc/default/security questions

Hi John,

No, I have not tried this on an HP-UX 11.00, only on an HP-UX 11.20. However, if the functionality is indicated on the security man page for HP-UX 11.00, then it should rightfully work as indicated.

# man security

If your permissions are correct, then your setting of PASSWORD_HISTORY_DEPTH=3 should have prevented you from changing your password to any of the former 3 passwords.

1st abc123
2nd def234
3rd efg345
4th abc123 <- should fail

Is this not what you observed?

Hope this helps. Regards.

Steven Sim Kok Leong
Animesh Chakraborty
Honored Contributor

Re: More /etc/default/security questions

Hi,
I am using it on HPUX 11.00
It works fine.
Did you take a backup?
John Lokka
New Member

Re: More /etc/default/security questions

Steven,

This is not the behavior I have seen, but I was only switching between 2 passwords, i.e. abc1234 and edfg1234. Does the maximum number of passwords need to be entered before password history works? If this is the case, HP needs to fix it.
Varghese Mathew
Trusted Contributor

Re: More /etc/default/security questions

Everyone,

There is one nice site which gives good information about /etc/default/security.

Here is the link to the site:
http://www.unixadm.net/howto/etc-security.html

Cheers !!!
Mathew
John Lokka
New Member

Re: More /etc/default/security questions

It appears there was a patch for the password history. PHCO_13808, which has been superseded by PHCO_25527.

Thanks everyone