Jim92900
Occasional Advisor

Password History

Hi,

I am on a trusted machine, and I need to find out the password history size. Is this the same as the passwd_depth_history file? If not, where do I look?

Thanks,
Jim
A. Clay Stephenson
Acclaimed Contributor

Re: Password History

The maximum number of stored passwd hashes is determined by the "PASSWORD_HISTORY_DEPTH" value stored in /etc/default/security. Of course, the actual depth for a given user may be much less than that simply because the user has not yet changed his password that many times.
If it ain't broke, I can fix that.
Steven E. Protter
Exalted Contributor

Re: Password History

Shalom Jim,

By default, PASSWORD_HISTORY_DEPTH is not implemented on HP-UX.

Therefore unless the system has been changed to keep this information you will have no data to look at.

If the system is trusted this can also be set up with sam.

Is the system trusted?

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Jim92900
Occasional Advisor

Re: Password History

Yes, the machine is trusted. Do the password history size and the password_depth_history represent the same thing or different things?

Thanks,
Jim
A. Clay Stephenson
Acclaimed Contributor

Re: Password History

There is no way to answer your question because "password_depth_history" means nothing. PASSWORD_HISTORY_DEPTH is a value stored in the security file and that does determine the maximum number of password hashes that will be stored per user to prevent reuse of old passwords prematurely. However, there is no way (at least without writing a C routine) to determine the current history depth for a given user. Man 4 security for details.
If it ain't broke, I can fix that.
Jim92900
Occasional Advisor

Re: Password History

I am sorry, it's a typo. What I meant was Password_History_depth. Is it the same as password history size?

The reason I am asking is that I am running Axent Policy, which says that the account password history size is disabled. What should I do? Do I need to change the Password_History_Depth=N for the password history size?

Thanks,
Jim
A. Clay Stephenson
Acclaimed Contributor
Solution

Re: Password History

I have no idea what Axent Policy uses to determine if password history is in effect, but if you set PASSWORD_HISTORY_DEPTH=8 in /etc/default/security then a given password cannot be reused until the password has been changed 8 times.

When combined with the mintm (minimum time between password changes) stored in each user's TCB entry or taken from the system-wide default value (/tcb/files/auth/system/default) if not defined for the user, the PASSWORD_HISTORY_DEPTH can then tell you the minimum time before a password can be reused.


You can actually examine the password history by looking at the files under /tcb/files/auth/system/pwhist although you have to understand the bigcrypt() function to understand what you are actually looking at.


If it ain't broke, I can fix that.
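An added example, not part of any post in this thread and not HP or Axent code: a small audit helper that reads PASSWORD_HISTORY_DEPTH from a file in the `NAME=value` format of /etc/default/security and works out the minimum reuse interval described in the answer above. The function names `pw_history_depth` and `pw_min_reuse_days` are hypothetical, the sample file is constructed, and mintm is assumed to be supplied by the caller in days.

```shell
#!/bin/sh
# Added example: audit PASSWORD_HISTORY_DEPTH in a security-file-style config.

# Print the PASSWORD_HISTORY_DEPTH value found in file $1, or nothing if unset.
# Commented-out lines (#...) and non-numeric values are ignored. Assumptions of
# this example: whitespace around '=' is tolerated, and if the parameter is
# assigned more than once the last assignment is the one reported.
pw_history_depth() {
    sed -n 's/^[[:space:]]*PASSWORD_HISTORY_DEPTH[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Print the minimum number of days before a password can be reused:
# depth (number of changes required) multiplied by mintm.
#   $1 = security file, $2 = mintm in days (assumed unit, supplied by caller)
# Prints "unset" and returns 1 when no history depth is configured.
pw_min_reuse_days() {
    depth=$(pw_history_depth "$1")
    [ -n "$depth" ] || { echo "unset"; return 1; }
    echo $((depth * $2))
}

# Demo on a constructed sample (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample in /etc/default/security format
#PASSWORD_HISTORY_DEPTH=3
MIN_PASSWORD_LENGTH=8
PASSWORD_HISTORY_DEPTH=8
EOF
echo "history depth: $(pw_history_depth "$sample")"
echo "minimum reuse interval with mintm=7 days: $(pw_min_reuse_days "$sample" 7) days"
rm -f "$sample"
```

On a live system, point the functions at /etc/default/security and pass the mintm that applies to the user being checked.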
Steven E. Protter
Exalted Contributor

Re: Password History

Shalom,

PASSWORD_HISTORY_DEPTH

Only relevant parameter.

As to whether this conflicts with other configuration, you'll just have to test that.

SEP