Operating System - HP-UX
1833776 Members
2234 Online
110063 Solutions
New Discussion

newbie question - hp-ux 11i security

 
SOLVED
Go to solution
cokster
Occasional Contributor

newbie question - hp-ux 11i security

hi all, without converting to TCB, what security parameters (eg. passwd length, passwd aging, acct. lockout, timeout and etc) can I set for 11i? What are their system default vales? And how (and where) do I set them? Thanks!
3 REPLIES 3
Zigor Buruaga
Esteemed Contributor
Solution

Re: newbie question - hp-ux 11i security

Hi,

You could use "/etc/default/security":
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=216645

You can do "man passwd" and "man security" for more options.
Take also a look at this document:
http://www.hp.com/products1/unix/operating/infolibrary/whitepapers/hpux11isecuritywp.pdf

Hope this helps.
Kind regards,
Zigor
Michael Steele_2
Honored Contributor

Re: newbie question - hp-ux 11i security

Probably want PAM, which limits groups, and enforces complex passwords. Pluggable Auth. Module.

Many HP clients are adding SSH to defeat network sniffers which can read passwords as transmitted over the network. SSH encrypts passwords.

TMOUT=3600 will disconnect a login after 1 hour idle. Put TMOUT in /etc/profile or $HOME/.profile.

'sudo' goes with root access.

And, as mentioned, /etc/default/security. Here is an example: Specify the minimum number of required characters of each type
(upper case characters, lower case characters, digits
and special characters) in a new password.
PASSWORD_MIN_UPPER_CASE_CHARS=N
PASSWORD_MIN_LOWER_CASE_CHARS=N
PASSWORD_MIN_DIGIT_CHARS=N
PASSWORD_MIN_SPECIAL_CHARS=N

http://forums1.itrc.hp.com/service/forums/parseCurl.do?CURL=%2Fcm%2FQuestionAnswer%2F1%2C%2C0x7132eea29889d611abdb0090277a778c%2C00.html&admit=716493758+1064895966960+28353475
Support Fatherhood - Stop Family Law
aparna challagulla
Valued Contributor

Re: newbie question - hp-ux 11i security

hi Cokster,
the security parameters can be set using the /etc/default/security configuration file in 11i.
u can set various security parameters in this file like this -
parameter=value

if the value is not set the default value is taken by the system.Ex-
MIN_PASSWORD_LENGTH=N ( default is 6 )
the password aging canbe set using the passwd command.

passwd -n min -x max username

command for a/c lockout is

passwd -l username

there are alot of options available. pl go thro the manpages for a clear picture.

HTH
aparna



If you don't have time to do it right you must have time to do it over