HPE Community
Operating System - HP-UX
1830212 Members
1435 Online
109999 Solutions
New Discussion

Password Complexity

 
Anish Xavier
Occasional Advisor

‎03-16-2007 03:31 AM

‎03-16-2007 03:31 AM

Password Complexity

I have a sever with HPUX 11.23 installed,I need to enforce the password complexity so i modified the /etc/default/security as per below:

MIN_PASSWORD_LENGTH=8
PASSWORD_HISTORY_DEPTH=10
PASSWORD_MIN_UPPER_CASE_CHARS=2
PASSWORD_MIN_LOWER_CASE_CHARS=2
PASSWORD_MIN_DIGIT_CHARS=2
PASSWORD_MIN_SPECIAL_CHARS=2

But none of the above settings are effective when we are changing the password.

Is there any patch to be applied.

Pls help me for solving this issue.

Regards,
Anish



0 Kudos
Reply
11 REPLIES 11
Tim Nelson
Honored Contributor

‎03-16-2007 03:35 AM

‎03-16-2007 03:35 AM

Re: Password Complexity

Two possibilities.

1) When editing the default file you might have missed something. use sam or getprpw to confirm.

2) userid is not using defaults, using their own settings. confirm with sam or use getprpw username to review what is at default or not. You can always look at each users auth entries as well. -1 typically indicates default.



0 Kudos
Reply
Anish Xavier
Occasional Advisor

‎03-16-2007 03:39 AM

‎03-16-2007 03:39 AM

Re: Password Complexity

Hi Tim

The command getprpw not working,
It is showing command not found.

How i get this file.

regards,

Anish
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎03-16-2007 03:43 AM

‎03-16-2007 03:43 AM

Re: Password Complexity

/usr/lbin is not in your PATH.

execute "/usr/lbin/getprpw username"
If it ain't broke, I can fix that.
0 Kudos
Reply
Anish Xavier
Occasional Advisor

‎03-16-2007 03:50 AM

‎03-16-2007 03:50 AM

Re: Password Complexity

Hi clay,

Now the command is working

it is showing system is not trusted.

Whether i have to convert server to trusted mode for making /etc/default/security file usable.

Regards,
Anish
0 Kudos
Reply
Sundar_7
Honored Contributor

‎03-16-2007 03:54 AM

‎03-16-2007 03:54 AM

Re: Password Complexity

You can have /etc/default/security file without converting the system to trusted. However, some of the variables like PASSWORD_HISTORY_DEPTH and MIN_PASSWORD_LENGTH will be ignored or have restrictions in the non-trusted mode.

If you would like your above mentioned settings to be effective, convert the system to trusted.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
Tim Nelson
Honored Contributor

‎03-16-2007 03:57 AM

‎03-16-2007 03:57 AM

Re: Password Complexity

Without trusted system enabled the only legit settings are the below as listed in the login man page.

Refer to the /etc/default/security file in the security(4) man page
for detailed information on configurable parameters that affect the
behavior of this command. Currently supported parameters are:

ABORT_LOGIN_ON_MISSING_HOMEDIR

NOLOGIN

NUMBER_OF_LOGINS_ALLOWED
0 Kudos
Reply
Court Campbell
Honored Contributor

‎03-16-2007 03:58 AM

‎03-16-2007 03:58 AM

Re: Password Complexity

You probably need to install the HP-UX Standard Mode Security Extensions(freebie):


http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=StdModSecExt


Or you could go to trusted mode.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
Reply
Richard Darling
Trusted Contributor

‎03-16-2007 03:59 AM

‎03-16-2007 03:59 AM

Re: Password Complexity

Anish,
Please see this link on trusted systems if you are thinking of implementing the chnage.
RD
http://docs.hp.com/en/B2355-90121/index.html

0 Kudos
Reply
Anish Xavier
Occasional Advisor

‎03-16-2007 04:07 AM

‎03-16-2007 04:07 AM

Re: Password Complexity

Hi all

This server is member of Serviceguard cluster with HNFS configured.

whether The conversion from nontrusted to trusted mode will affect cluster environment as well as application?

Regards,

Anish
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎03-16-2007 04:23 AM

‎03-16-2007 04:23 AM

Re: Password Complexity

whether The conversion from nontrusted to trusted mode will affect cluster environment as well as application?

This is an "it depends" situation. For example, if you are running NIS then you cannot convert to Trusted. Also, how password and group data are distributed within your cluster will need to be reviewed and possibly change. The good news is that the trusted system is all but invisible to the vast majority of applications so that passwd and group lookups work just as expected (the underlying UNIX libc functions hide this from the applications). Your packages *should* be okay but the only way to know is to test.

Issues like this are the reason that test and sandbox environments are not a luxury but a requirement.
If it ain't broke, I can fix that.
0 Kudos
Reply
Anish Xavier
Occasional Advisor

‎03-16-2007 05:01 AM

‎03-16-2007 05:01 AM

Re: Password Complexity

Hi all,

Whether The utility pwplus will help me to set Password complexity?

Regrds

Anish
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.