HPE Community
Operating System - HP-UX
1832833 Members
2834 Online
110047 Solutions
New Discussion

Re: password change baner, change?

 
SOLVED
Go to solution
Wes Kaufmann
Super Advisor

‎01-17-2003 08:26 AM

‎01-17-2003 08:26 AM

password change baner, change?

System 11.0, Can I change the password change banner so it looks something like below or add the below statement to password change? Also, can you make a change in /etc/default/security to meet the below requirements?

========== Your password has expired =============



Passwords will have to be at least 8 characters in length and must contain three of the following four required elements.



o At least one number

o At least one capital letter

o At least one lowercase letter

o At least one special character (examples: ! @ # $ % ^ & * ( ) , . ? )



============================================

0 Kudos
Reply
8 REPLIES 8
Chris Wong
Trusted Contributor

‎01-17-2003 08:39 AM

‎01-17-2003 08:39 AM

Re: password change baner, change?

The parameters in /etc/default/security are:
PASSWORD_MIN_UPPER_CASE_CHARS
PASSWORD_MIN_LOWER_CASE_CHARS
PASSWORD_MIN_DIGIT_CHARS
PASSWORD_MIN_SPECIAL_CHARS

Force the user to specify a minimum number of a specific type of characters when setting their password (see PHCO_26089). I'm not sure about 11.0, but you should be able to do a search. I'm not sure the exact feedback the password banner will give, but I'd assume you'll only see the type of message you wrote after the user enters a password that does not conform.

- Chris
0 Kudos
Reply
Wes Kaufmann
Super Advisor

‎01-17-2003 08:44 AM

‎01-17-2003 08:44 AM

Re: password change baner, change?

Thanks but can I make them do only 3 out of the 4 parameters?

And how can I make them see our custom message rather than the default password change banner?

0 Kudos
Reply
Chris Wong
Trusted Contributor

‎01-17-2003 08:51 AM

‎01-17-2003 08:51 AM

Re: password change baner, change?

I don't think you can. I'll install the needed patches and play with it. I think only a program like npasswd will let you change the password banner.

- Chris
0 Kudos
Reply
Wes Kaufmann
Super Advisor

‎01-17-2003 09:13 AM

‎01-17-2003 09:13 AM

Re: password change baner, change?

Thanks Chris. I can probably get away with locking it into 3 or the 4 parameters. I really need to change the banner so I'll look at npasswd unless I hear how I can do it with passwd.
0 Kudos
Reply
Chris Wong
Trusted Contributor

‎01-17-2003 10:53 AM

‎01-17-2003 10:53 AM

Re: password change baner, change?

I was able to get it to check for all 4:

Changing password for jrice
Old password:
Last successful password change for jrice: Fri Jan 17 08:28:57 2003
Last unsuccessful password change for jrice: Fri Jan 17 10:28:38 2003

New password:
Password too short - must be at least 6 characters
New password:
The password entered is not valid. Valid passwords must contain at least:
1 upper case character(s),
1 lower case charcter(s),
1 digit(s), and
1 special character(s).
New password:

But you are right, you won't be able to change the password banner. If you are not succesful another thought would be to create a PAM module that runs before the unix module that does nothing but displays the banner. I'm not sure if you can do that or not, just an idea.

# Password management
#
login password required /usr/lib/security/libpam_unix.1
passwd password required /usr/lib/security/banner_unix.1
passwd password required /usr/lib/security/libpam_unix.1

- Chris
0 Kudos
Reply
Wes Kaufmann
Super Advisor

‎01-17-2003 11:19 AM

‎01-17-2003 11:19 AM

Re: password change baner, change?

Chris,

How did you put in the informaiton for the error response:

New password:
Password too short - must be at least 6 characters
New password:
The password entered is not valid. Valid passwords must contain at least:
1 upper case character(s),
1 lower case charcter(s),
1 digit(s), and
1 special character(s).
0 Kudos
Reply
Chris Wong
Trusted Contributor

‎01-17-2003 12:25 PM

‎01-17-2003 12:25 PM

Solution

Re: password change baner, change?

All I did was put these entries in the /etc/default/security file
PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_MIN_SPECIAL_CHARS=1

Works on trusted and not. But, you only get that feedback after you enter a password that doesn't comply.

- Chris
Reply
Wes Kaufmann
Super Advisor

‎01-17-2003 12:29 PM

‎01-17-2003 12:29 PM

Re: password change baner, change?

Chris, Thanks. I didn't quite get it that setting the values automatically sets the error message but now I SEE!!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.