
Password Length

 
Dirk Moolman
Frequent Advisor

Password Length

I also have another question regarding passwords on my version B10:20.

Some of my accounts have short passwords (5 characters, alphabetic only). When I try to change the passwords, I am not allowed to use 5 characters any longer. How can I force the use of 5 characters - how did the previous admin do this?

Dirk
17 REPLIES 17
Pete Randall
Outstanding Contributor

Re: Password Length

The root user can make the password change and use any length he wants.


Pete

AndyMueller
Frequent Advisor

Re: Password Length

Dirk,

Why not just go with a bit more system security and use 8 alphanumeric and numeric numbers? Seems anymore, you can't make a system secure enough. Is this system running in trusted mode?

Andy
Dirk Moolman
Frequent Advisor

Re: Password Length

I am logging in as root, but I am still not allowed to create 5 character passwords, which is strange to me.

I do not want to give away too much detail about my system, for security reasons, but we have cases unfortunately where we need the 5 char passwords.

I also do not know if the system is trusted or not. I had a look under /tcb, but I don't know what to look for, and cannot tell if the system is trusted or not.
AndyMueller
Frequent Advisor

Re: Password Length

run: /usr/lbin/getprpw and it will tell you if the system is trusted or not.
Dirk Moolman
Frequent Advisor

Re: Password Length

Nope, mine is not - thanks
AndyMueller
Frequent Advisor

Re: Password Length

Dirk, man passwd, your answer might be with MIN_PASSWORD_LENGTH variable

On an untrusted system, only the first eight characters of a password are significant.

+ On an untrusted system, passwords of non-root users must have at least six characters. On a trusted system, passwords of all users must have at least six characters. This restriction on the password length can be increased to a value larger than six. Refer to the security(4) manual page for detailed information on configurable parameters that affect the behavior of this command.
The parameter to select the minimum password length is MIN_PASSWORD_LENGTH
Dirk Moolman
Frequent Advisor

Re: Password Length

My apologies for asking so many questions, I just have a lot to do in a very short time (work overload) -

the man page says:
"The minimum password length depends on several parameters that the system administrator sets in the authentication databases."

Where can I read more about the authentication of passwords, and the authentication databases ?
Dirk Moolman
Frequent Advisor

Re: Password Length

PS. I do not have any system administration documentation - is there a URL where I can download pdf versions of the HP manuals ?

Any help appreciated
Pete Randall
Outstanding Contributor

Re: Password Length

In a non-trusted system, the only "authentication database" that I'm aware of is /etc/default/security. Check there for MIN_PASSWORD_LENGTH and do a man on security.


Pete

AndyMueller
Frequent Advisor

Re: Password Length

Dirk,

try a : man security
somewhere there appears to be a place where you can set the password length, I'm just not sure where.
/etc/default/security maybe?
Patrick Wallek
Honored Contributor

Re: Password Length

Dirk,

For documentation:

http://docs.hp.com/

For HP-UX 10.20 specific docs:

http://docs.hp.com/en/oshpux10.x.html

A lot of the docs are available in either HTML or PDF format.
Sp4admin
Trusted Contributor

Re: Password Length

Hi Dirk,

Like Pete said, use the /etc/default/security file.
PASSWORD_MIN_UPPER_CASE_CHARS=2
PASSWORD_MIN_LOWER_CASE_CHARS=2
PASSWORD_MIN_DIGIT_CHARS=2
PASSWORD_MIN_SPECIAL_CHARS=2
PASSWORD_HISTORY_DEPTH=10
MIN_PASSWORD_LENGTH=9

sp,
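
An added example, not part of any post in this thread: a small sh script that reads settings in the /etc/default/security format quoted above and reports which rules a candidate password fails, on systems that have that file. The function names, the sample file and the test passwords are constructed for illustration; the default of 6 comes from the man page text quoted earlier, and the defaults of 0 and the "last setting wins" rule are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): test a candidate password against
# /etc/default/security-style settings. Function names are hypothetical.

# write_sample FILE -> constructed sample using the values posted in the thread
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real system file
#MIN_PASSWORD_LENGTH=6
PASSWORD_MIN_UPPER_CASE_CHARS=2
PASSWORD_MIN_LOWER_CASE_CHARS=2
PASSWORD_MIN_DIGIT_CHARS=2
PASSWORD_MIN_SPECIAL_CHARS=2
PASSWORD_HISTORY_DEPTH=10
MIN_PASSWORD_LENGTH=9
EOF
}

# get_param FILE NAME DEFAULT -> numeric value of NAME, DEFAULT if unset.
# Commented-out lines are ignored; taking the last match is an assumption.
get_param() {
    val=$(sed -n "s/^[[:space:]]*$2=\([0-9][0-9]*\)[[:space:]]*\$/\1/p" "$1" | tail -1)
    echo "${val:-$3}"
}

# count_in STRING TR_ARGS... -> characters left after filtering with tr
count_in() {
    s=$1; shift
    printf '%s' "$s" | tr "$@" | wc -c | tr -d ' '
}

# require LABEL HAVE WANT -> prints the failed rule, returns 1 if HAVE < WANT
require() {
    [ "$2" -ge "$3" ] && return 0
    echo "FAIL $1: have $2, need $3"
    return 1
}

# check_password FILE PASSWORD -> 0 only if every rule passes.
# PASSWORD_HISTORY_DEPTH needs stored history and is not checked here.
check_password() {
    f=$1; pw=$2; rc=0
    require length "${#pw}" "$(get_param "$f" MIN_PASSWORD_LENGTH 6)" || rc=1
    require upper "$(count_in "$pw" -cd '[:upper:]')" "$(get_param "$f" PASSWORD_MIN_UPPER_CASE_CHARS 0)" || rc=1
    require lower "$(count_in "$pw" -cd '[:lower:]')" "$(get_param "$f" PASSWORD_MIN_LOWER_CASE_CHARS 0)" || rc=1
    require digit "$(count_in "$pw" -cd '[:digit:]')" "$(get_param "$f" PASSWORD_MIN_DIGIT_CHARS 0)" || rc=1
    require special "$(count_in "$pw" -d '[:alnum:]')" "$(get_param "$f" PASSWORD_MIN_SPECIAL_CHARS 0)" || rc=1
    return $rc
}

S=${TMPDIR:-/tmp}/security.sample.$$
write_sample "$S"
check_password "$S" 'abcde' || echo "abcde rejected"
check_password "$S" 'QRst-12+x' && echo "QRst-12+x accepted"
rm -f "$S"
```

With the posted settings, a 5-character alphabetic password fails the length, upper-case, digit and special-character rules.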
Bill Hassell
Honored Contributor

Re: Password Length

All the manuals for HP-UX are located at:

docs.hp.com

NOTE: version 10.20 has been obsolete and unsupported since 2001 so many of the manuals will have details that do not apply to your old software. The /etc/default/security file will have no effect at all unless you have applied all the security patches for 10.20. Now your system is trusted IF there is a /tcb directory -- if not, then you have a standard system. Root should be able to change any user's password to 5 characters -- the previous admin may have created a script that uses usermod.sam or something similar. What error message do you get when you type:

passwd userlogin

Also, does your site use an NIS server for centralized passwords?


Bill Hassell, sysadmin
doug hosking
Esteemed Contributor

Re: Password Length

The submitter indicated that the systems were running 10.20. /etc/default/security did not exist until after 11.00 shipped. (It was first created in the August, 1998 release of 11.00 to control variables related to the password history mechanism.) I don't believe those changes were ever backported to 10.20 systems, though 10.20 has been out of support for so long that it's mostly irrelevant now.

Generally speaking, the design philosophy has been to not force restrictions like this upon superusers, since they could always bypass them by using vi directly on the passwd file or other configuration files, and are more likely to break something by doing so.
Dirk Moolman
Frequent Advisor

Re: Password Length

Thank you everyone for the replies, I do appreciate it.
I also assumed that this was an old version of HP, when I read the man pages which were very limited.

I will download the documentation, and read up about this version a bit. And I think Doug is right - I do not have the file /etc/default/security on this system.

Thanks again
Dirk Moolman
Frequent Advisor

Re: Password Length

My apologies, this is actually a trusted system. I downloaded most of the 10.x documentation, and now understand the /tcb/files/auth structure.
Dirk Moolman
Frequent Advisor

Re: Password Length

Info I found (also not available on my version):

o MIN_PASSWORD_LENGTH
(introduced in 11.00 via PHCO_24390)