HPE Community
Operating System - HP-UX
1827401 Members
5555 Online
109965 Solutions
New Discussion

Password format dictionary in HP Trusted System

 
SOLVED
Go to solution
YLTan
Frequent Advisor

‎05-01-2003 08:22 PM

‎05-01-2003 08:22 PM

Password format dictionary in HP Trusted System

Does HP Trusted System support a dictionary password where certain password are not allowed to be use by users at all e.g aaaaaaaa, bbbbbbbb, 1111111, 2222222, userID, company name, etc.

I am refering to password format where sys.admin can configured it in a dictionary file somewhere in HP Trusted System and prevent users from using it at the first time.
tyl
0 Kudos
Reply
6 REPLIES 6
Michael Tully
Honored Contributor

‎05-01-2003 08:38 PM

‎05-01-2003 08:38 PM

Re: Password format dictionary in HP Trusted System

There are a few options that are allowed. See 'sam' --> auditing and security --> system security policies --> password format policies -->
selections allowed:
system generates pronouncable
system generates character
system generates letters only
user specifies

Use the "use restriction rules" box to minimise what can be used. As far as dictionaries are concerned, it does not use it like how you may think. "Quote from a HP person on this subject"
If you are interested in using the dictionary check, please be aware that the standard dictionary does not contain any words with non-alpha characters. As a password must have a non-alpha character this means that you'll need to generate your own dictionary complete with these hybrid words.

HTH
Michael
Anyone for a Mutiny ?
0 Kudos
Reply
T G Manikandan
Honored Contributor

‎05-01-2003 08:56 PM

‎05-01-2003 08:56 PM

Re: Password format dictionary in HP Trusted System

The below document can answer all your Q's.

http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000066734723
0 Kudos
Reply
T G Manikandan
Honored Contributor

‎05-01-2003 10:11 PM

‎05-01-2003 10:11 PM

Re: Password format dictionary in HP Trusted System

Didn't that doc show you the parameters which can be used for configuring the settings for the password.

do you need some more help.Please revert
0 Kudos
Reply
YLTan
Frequent Advisor

‎05-01-2003 10:43 PM

‎05-01-2003 10:43 PM

Re: Password format dictionary in HP Trusted System

What I need is to be able to define specifically non-allowable password such as Hewlett, Packard, John, Edward, Edward123, Hewlett789, John21, 21BakerSt,
tyl
0 Kudos
Reply
T G Manikandan
Honored Contributor

‎05-02-2003 01:05 AM

‎05-02-2003 01:05 AM

Re: Password format dictionary in HP Trusted System

To my knowledge there is no option like non-allowable passwords in HPUX as well as in Windows.

Let me too wait for any other suggestions.


Thanks
0 Kudos
Reply
Darren Prior
Honored Contributor

‎05-02-2003 01:57 AM

‎05-02-2003 01:57 AM

Solution

Re: Password format dictionary in HP Trusted System

Hi,

Yes, it is possible to do what you require regarding passwords. Michael's quote from an HP person may possibly have been from me as it's something I have investigated in the past.

Firstly you need to have Use Restriction Rules set in the system policies, as Michael stated.

My testing shows that the default dictionary is used, ie /usr/share/dict/hlista. This is the US dictionary, so words like color instead of colour will feature. The UK dictionary (hlistb) is not used - I know of no way to specify this as there is no way of adding options to the spell command embedded within the passwd functionality.

Additional words can be added to the dictionary using the method described in the man page for spell(1). This is where you'd be adding the Edward123, etc. You can use echo | spell to see if a word is already in the dictionary. Consider also that although you may add Edward123 to the dictionary, this will not stop someone from using the password EdWaRd123. You really have to add all permutations that you want excluded from passwords.
ie if you want to replace the letter 'l' with the digit '1' in every word in the dictionary you will have to create appropriate entries.

You shouldn't need to add Hewlett or Packard or Edward to the dictionary as they don't contain non-alpha characters, hence would have been rejected before the dictionary is checked.

regards,

Darren
Calm down. It's only ones and zeros...
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.