
Password Complexity

 
Anish Xavier
Occasional Advisor

Password Complexity

I have a server with HP-UX 11.23 installed. I need to enforce password complexity, so I modified /etc/default/security as per below:

MIN_PASSWORD_LENGTH=8
PASSWORD_HISTORY_DEPTH=10
PASSWORD_MIN_UPPER_CASE_CHARS=2
PASSWORD_MIN_LOWER_CASE_CHARS=2
PASSWORD_MIN_DIGIT_CHARS=2
PASSWORD_MIN_SPECIAL_CHARS=2

But none of the above settings are effective when we are changing the password.

Is there any patch to be applied?

Please help me solve this issue.

Regards,
Anish



Tim Nelson
Honored Contributor

Re: Password Complexity

Two possibilities.

1) When editing the default file you might have missed something. Use sam or getprpw to confirm.

2) The userid is not using defaults, but its own settings. Confirm with sam or use getprpw username to review what is at default or not. You can always look at each user's auth entries as well. -1 typically indicates default.
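
An added example, not part of any reply in this thread: a POSIX shell check for the first possibility above, that something went wrong while editing the defaults file. It assumes plain NAME=value lines with numeric values; the helper name `check_security_file` and the sample file are constructed for illustration. It checks syntax only, not whether the system honours a parameter in its current mode.

```shell
#!/bin/sh
# Added example (not from the thread): lint a defaults file for the six
# password parameters in the question. Assumes NAME=value, numeric values.
EXPECTED="MIN_PASSWORD_LENGTH PASSWORD_HISTORY_DEPTH \
PASSWORD_MIN_UPPER_CASE_CHARS PASSWORD_MIN_LOWER_CASE_CHARS \
PASSWORD_MIN_DIGIT_CHARS PASSWORD_MIN_SPECIAL_CHARS"

# check_security_file FILE (hypothetical helper): prints one finding per line;
# returns 0 only when all six parameters are set exactly once and cleanly.
check_security_file() {
    awk -v expected="$EXPECTED" '
    BEGIN { n = split(expected, want, " ")
            for (i = 1; i <= n; i++) wanted[want[i]] = 1 }
    { line = $0 }
    line ~ /\r$/ { print "line " NR ": DOS line ending"; bad = 1
                   sub(/\r$/, "", line) }
    line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/ { next }   # comment or blank line
    line ~ /[ \t]/ { print "line " NR ": whitespace in assignment"; bad = 1
                     gsub(/[ \t]/, "", line) }
    {
        eq = index(line, "=")
        if (eq == 0) { print "line " NR ": not NAME=value"; bad = 1; next }
        key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        if (!(key in wanted)) next                    # other parameters are out of scope
        if (val !~ /^[0-9]+$/) { print key ": non-numeric value \"" val "\""; bad = 1 }
        if (seen[key]++) { print key ": set more than once"; bad = 1 }
    }
    END { for (i = 1; i <= n; i++)
              if (!(want[i] in seen)) { print want[i] ": not set"; bad = 1 }
          exit (bad ? 1 : 0) }' "$1"
}

# Constructed sample with three editing mistakes: spaces around "=",
# a misspelled parameter name, and a non-numeric value.
sample="${TMPDIR:-/tmp}/security.sample.$$"
printf '%s\n' '# password policy' 'MIN_PASSWORD_LENGTH=8' \
    'PASSWORD_HISTORY_DEPTH = 10' 'PASSWORD_MIN_UPPERCASE_CHARS=2' \
    'PASSWORD_MIN_LOWER_CASE_CHARS=2' 'PASSWORD_MIN_DIGIT_CHARS=two' \
    'PASSWORD_MIN_SPECIAL_CHARS=2' > "$sample"
check_security_file "$sample"
echo "exit status: $?"
rm -f "$sample"
```

On the server itself the call would be `check_security_file /etc/default/security`.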



Anish Xavier
Occasional Advisor

Re: Password Complexity

Hi Tim

The command getprpw is not working.
It is showing command not found.

How do I get this file?

Regards,

Anish
A. Clay Stephenson
Acclaimed Contributor

Re: Password Complexity

/usr/lbin is not in your PATH.

Execute "/usr/lbin/getprpw username"
If it ain't broke, I can fix that.
Anish Xavier
Occasional Advisor

Re: Password Complexity

Hi Clay,

Now the command is working.

It is showing system is not trusted.

Do I have to convert the server to trusted mode to make the /etc/default/security file usable?

Regards,
Anish
Sundar_7
Honored Contributor

Re: Password Complexity

You can have /etc/default/security file without converting the system to trusted. However, some of the variables like PASSWORD_HISTORY_DEPTH and MIN_PASSWORD_LENGTH will be ignored or have restrictions in the non-trusted mode.

If you would like your above-mentioned settings to be effective, convert the system to trusted.
Learn What to do, How to do and more importantly When to do?
Tim Nelson
Honored Contributor

Re: Password Complexity

Without trusted system enabled the only legit settings are the below as listed in the login man page.

Refer to the /etc/default/security file in the security(4) man page
for detailed information on configurable parameters that affect the
behavior of this command. Currently supported parameters are:

ABORT_LOGIN_ON_MISSING_HOMEDIR

NOLOGIN

NUMBER_OF_LOGINS_ALLOWED
Court Campbell
Honored Contributor

Re: Password Complexity

You probably need to install the HP-UX Standard Mode Security Extensions (freebie):


http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=StdModSecExt


Or you could go to trusted mode.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
Richard Darling
Trusted Contributor

Re: Password Complexity

Anish,
Please see this link on trusted systems if you are thinking of implementing the change.
RD
http://docs.hp.com/en/B2355-90121/index.html

Anish Xavier
Occasional Advisor

Re: Password Complexity

Hi all

This server is a member of a Serviceguard cluster with HNFS configured.

Will the conversion from nontrusted to trusted mode affect the cluster environment as well as the application?

Regards,

Anish
A. Clay Stephenson
Acclaimed Contributor

Re: Password Complexity

Will the conversion from nontrusted to trusted mode affect the cluster environment as well as the application?

This is an "it depends" situation. For example, if you are running NIS then you cannot convert to Trusted. Also, how password and group data are distributed within your cluster will need to be reviewed and possibly changed. The good news is that the trusted system is all but invisible to the vast majority of applications so that passwd and group lookups work just as expected (the underlying UNIX libc functions hide this from the applications). Your packages *should* be okay but the only way to know is to test.

Issues like this are the reason that test and sandbox environments are not a luxury but a requirement.
If it ain't broke, I can fix that.
Anish Xavier
Occasional Advisor

Re: Password Complexity

Hi all,

Will the utility pwplus help me to set password complexity?

Regards,

Anish