Tim O'Connell
Regular Advisor

Password history

The auditors run a report on our HPUX 11.11 servers every & as the security is pretty good they usually come up with some request to justify their report. We are running a trusted system. This year they have asked to enable password history so that a user is unable to use a previously used password. Currently a user can change his password & after the "time between changes" which is 7 days has expired he can re-use his old password. Can't find anything in SAM. I know we do this in Windows but I am unable to find anything in HPUX. Can someone help?

Thanks,

Tim
Pete Randall
Outstanding Contributor
Solution

Re: Password history

Tim,

Do a man on security and check the PASSWORD_HISTORY_DEPTH parameter. If you don't have one already, this will require that you create a file called /etc/default/security that will allow you to enable this.


Pete

Senthil Prabu.S_1
Trusted Contributor

Re: Password history

Hi,
Not sure whether this will help you.

In Solaris 10, password history can be enabled by using the following parameter.

# grep "^HISTORY=" /etc/default/passwd
HISTORY=10

In this example, password history has been enabled and a user's last ten passwords will be remembered. So, if a user attempts to re-use a password that is in their history, the change will be denied and the user will be presented with the following message:

$ passwd gmb
Enter existing login password:
New Password:
passwd: Password in history list.

Please try again
New Password:


Hope you understand.
I guess the same should be available on hpux.

HTH,
Prabu.S
One man's "magic" is another man's engineering. "Supernatural" is a null word.
Jaime Bolanos Rojas.
Honored Contributor

Re: Password history

Tim,

You might want to go with Pete's answer:

You can modify the password requirements. See man security on 11.11

"PASSWORD_HISTORY_DEPTH
This parameter controls the password history depth. A new password is
checked only against the number of most recently used passwords stored
in password history for a particular user. A user is not allowed to
re-use a previously used password."

Regards,

Jaime.
Work hard when the need comes out.
Bill Hassell
Honored Contributor

Re: Password history

The global security settings are kept in two locations, the /tcb directory (which SAM handles as well as the modprpw command) and the /etc/default/security file (which does NOT exist by default). The man pages for security, getprpw and modprpw all go over the details. The attached security summary script will help auditors who are not familiar with HP-UX.


Bill Hassell, sysadmin
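
Added example (not part of any post in this thread, and not the attached summary script): a small POSIX sh check an auditor could run to confirm that PASSWORD_HISTORY_DEPTH is actually set in /etc/default/security, including the case where the file does not exist. The function name, the status strings, the minimum depth of 5 and the "last assignment is used" rule are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit check for PASSWORD_HISTORY_DEPTH in /etc/default/security.
# check_history_depth FILE MIN_DEPTH
#   prints one status line; returns 0 = compliant, 1 = unset/invalid/too low,
#   2 = file missing (the file does not exist by default, per the thread).
# MIN_DEPTH is a site policy value chosen by the caller (hypothetical here).
check_history_depth() {
    file=$1
    min=$2
    if [ ! -f "$file" ]; then
        echo "MISSING: $file not found, no password history configured there"
        return 2
    fi
    # Ignore commented-out lines; tolerate whitespace around '='.
    # Assumption: if the parameter appears more than once, the last line is used.
    depth=$(sed -n 's/^[[:space:]]*PASSWORD_HISTORY_DEPTH[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$file" | tail -n 1)
    case $depth in
        '')
            echo "UNSET: PASSWORD_HISTORY_DEPTH is not set in $file"
            return 1 ;;
        *[!0-9]*)
            echo "INVALID: PASSWORD_HISTORY_DEPTH='$depth' is not a number"
            return 1 ;;
    esac
    if [ "$depth" -lt "$min" ]; then
        echo "WEAK: PASSWORD_HISTORY_DEPTH=$depth is below the required $min"
        return 1
    fi
    echo "OK: PASSWORD_HISTORY_DEPTH=$depth"
    return 0
}

# Demo on a constructed sample file (not a real server's configuration).
sample=${TMPDIR:-/tmp}/security.sample.$$
cat > "$sample" <<'EOF'
# constructed sample
#PASSWORD_HISTORY_DEPTH=10
PASSWORD_HISTORY_DEPTH = 3
EOF
check_history_depth "$sample" 5 || true            # WEAK
check_history_depth "$sample.absent" 5 || true     # MISSING
rm -f "$sample"
```

On a real server the call would be check_history_depth /etc/default/security N, with N taken from the site's password policy.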
Tim O'Connell
Regular Advisor

Re: Password history

Thanks for the quick responses. Will try /etc/default/security shortly. Points assigned.

Thanks,

Tim
Tim O'Connell
Regular Advisor

Re: Password history

Sorted