HPE Community
Operating System - HP-UX
1833476 Members
3003 Online
110052 Solutions
New Discussion

password issue

 
SOLVED
Go to solution
Gary Yu
Super Advisor

‎10-22-2002 08:15 AM

‎10-22-2002 08:15 AM

password issue

Hi all,

We have a dev server accessed by more than 20 users, some of them just use "password" or their username as password. Is there a way in HPUX 11.0 that we can enfoce some password rule(like in Win2000), which won't allow users to choose password which don't have numbers and Captical letters ? Or as a root user, is there any way I can detect user's password is "password" or username.

BTW, we're not running a trusted system.

thanks,
Gary
0 Kudos
Reply
6 REPLIES 6
RAC_1
Honored Contributor

‎10-22-2002 08:16 AM

‎10-22-2002 08:16 AM

Re: password issue

check man page for security.

you can put security file in /etc/default dir.

It will give you some control on passwords.

(trusted system is better option)
There is no substitute to HARDWORK
0 Kudos
Reply
Ashwani Kashyap
Honored Contributor

‎10-22-2002 08:19 AM

‎10-22-2002 08:19 AM

Re: password issue

Best way is to convert to trusted system
0 Kudos
Reply
Ken Hubnik_2
Honored Contributor

‎10-22-2002 08:20 AM

‎10-22-2002 08:20 AM

Re: password issue

You can also convert the system to trusted and it opens up all kinds of new password rules.
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎10-22-2002 08:20 AM

‎10-22-2002 08:20 AM

Solution

Re: password issue

If you are not a trusted system then this is a more difficult task. My tried and true method for this is to code my own passwd (and/or yppasswd if you are also running NIS) and put in your own rules. My standard rule is to strip numerics and special characters and then set the plaintext to spell. If spell says that it is a good word, I reject it.

There is no way to decrypt the user's password because it is not encrypted; it's actually hashed meaning that there is a many to one relationship between the plaintext and the encoded passwd. You can download and install 'crack' from any of the HP-UC Porting Centre's; it makes repeated guesses until it's hashed passwd matches that found in the passwd file.
If it ain't broke, I can fix that.
Reply
Bill Hassell
Honored Contributor

‎10-22-2002 06:47 PM

‎10-22-2002 06:47 PM

Re: password issue

As mentioned, going to a Trusted system is the only way. It sounds like you have a potential security problem with trivial passwords, so trying to kludge a fix with a standard system isn't going to be effective. The man page for security is missing to 11.0 so you can get it from docs.hp.com BUT:

- it has no effect unless you are up to date on patches (and 2002 patch bundle will do)

- only the libpam patch readme file plus the man page for security will have all the options.

There is no history possible (to prevent re-use) without a Trusted system but you can at least enforce some restrictions on choosing a password.


Bill Hassell, sysadmin
0 Kudos
Reply
doug hosking
Esteemed Contributor

‎10-23-2002 12:46 PM

‎10-23-2002 12:46 PM

Re: password issue

You might be intersted in a new feature described in patch PHCO_24390. This
allows you to force passwords to have various combinations of digits or upper case, lower case and special characters. See the patch documentation file for details.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.