newbie question - hp-ux 11i security

cokster · ‎09-29-2003

hi all, without converting to TCB, what security parameters (eg. passwd length, passwd aging, acct. lockout, timeout and etc) can I set for 11i? What are their system default vales? And how (and where) do I set them? Thanks!

Zigor Buruaga · ‎09-29-2003

Hi,

You could use "/etc/default/security":
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=216645

You can do "man passwd" and "man security" for more options.
Take also a look at this document:
http://www.hp.com/products1/unix/operating/infolibrary/whitepapers/hpux11isecuritywp.pdf

Hope this helps.
Kind regards,
Zigor

Michael Steele_2 · ‎09-29-2003

Probably want PAM, which limits groups, and enforces complex passwords. Pluggable Auth. Module.

Many HP clients are adding SSH to defeat network sniffers which can read passwords as transmitted over the network. SSH encrypts passwords.

TMOUT=3600 will disconnect a login after 1 hour idle. Put TMOUT in /etc/profile or $HOME/.profile.

'sudo' goes with root access.

And, as mentioned, /etc/default/security. Here is an example: Specify the minimum number of required characters of each type
(upper case characters, lower case characters, digits
and special characters) in a new password.
PASSWORD_MIN_UPPER_CASE_CHARS=N
PASSWORD_MIN_LOWER_CASE_CHARS=N
PASSWORD_MIN_DIGIT_CHARS=N
PASSWORD_MIN_SPECIAL_CHARS=N

http://forums1.itrc.hp.com/service/forums/parseCurl.do?CURL=%2Fcm%2FQuestionAnswer%2F1%2C%2C0x7132eea29889d611abdb0090277a778c%2C00.html&admit=716493758+1064895966960+28353475

Support Fatherhood - Stop Family Law

aparna challagulla · ‎09-29-2003

hi Cokster,
the security parameters can be set using the /etc/default/security configuration file in 11i.
u can set various security parameters in this file like this -
parameter=value

if the value is not set the default value is taken by the system.Ex-
MIN_PASSWORD_LENGTH=N ( default is 6 )
the password aging canbe set using the passwd command.

passwd -n min -x max username

command for a/c lockout is

passwd -l username

there are alot of options available. pl go thro the manpages for a clear picture.

HTH
aparna

If you don't have time to do it right you must have time to do it over

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

newbie question - hp-ux 11i security

newbie question - hp-ux 11i security

Re: newbie question - hp-ux 11i security

Re: newbie question - hp-ux 11i security

Re: newbie question - hp-ux 11i security