HPE Community
Operating System - HP-UX
1837984 Members
2693 Online
110124 Solutions
New Discussion

Re: Password min change and reuse info needed

 
SOLVED
Go to solution
Linda Card
Frequent Advisor

‎11-10-2004 10:30 AM

‎11-10-2004 10:30 AM

Password min change and reuse info needed

I am trying to tighten the security on my HP 10.20 using a security policy set much higher up.
Can somebody tell me what file(s) set the minimum days between password changes? I used SAM to set it to 7 days. I see :u_minchg#604800 in /tcb/files/auth/system/default. I rebooted. I created a test user. The test user has changed his password no less than 8 times today going back and forth between two passwords. So that policy does not seem to be working. Is there some other place that I should look for this setting?

And is there a password re-use policy standard to hp-ux 10.20?

Appreciate any help

Linda
0 Kudos
7 REPLIES 7
Michael Tully
Honored Contributor

‎11-10-2004 10:46 AM

‎11-10-2004 10:46 AM

Re: Password min change and reuse info needed

The file your after is called /etc/default/security
There is a man page for it (man 4 security)
The field is "PASSWORD_HISTORY_DEPTH"

The thing I'm not sure about is whether this works on 10.20
Anyone for a Mutiny ?
0 Kudos
Linda Card
Frequent Advisor

‎11-12-2004 02:55 AM

‎11-12-2004 02:55 AM

Re: Password min change and reuse info needed

Michael,
I have no /etc/default/security file on my system.

When try the man pages, I get "No manual 4 entry for security" - I tried all possible man x security but nogo.

I tried man PASSWORD_HISTORY_DEPTH - also nogo.

Do you think it is possible that 10.20 did not have a minimum days password change policy or any password re-use tracking program?

I use a "cut and paste" ignite tape to install the OS. I cannot tell if these security features (/etc/default/security and PASSWORD_HISTORY_DEPTH) have been 'cut' from the ignite. If 10.20 does not have these features or they were cut in my ignite, then my box is as compliant as possible to the security policy.

Any thoughts on that?
Linda
0 Kudos
Steven E. Protter
Exalted Contributor

‎11-12-2004 03:02 AM

‎11-12-2004 03:02 AM

Re: Password min change and reuse info needed

In the days prior to the /etc/default/security file these settings could be set with SAM.

I don't know if the /etc/default/security is active in HP-UX 10.20. At this point, I'd poke around the users in question with the SAM interface and consider setting up a /etc/default/security and see how the system responds.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Jean-Luc Oudart
Honored Contributor

‎11-12-2004 03:52 AM

‎11-12-2004 03:52 AM

Re: Password min change and reuse info needed

Hi Linda

I'm afraid libpam is not available for 10.20 and only started for 10.30 (the pre 11.0 version)

cf. this link
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=73153

Regards
Jean-Luc
fiat lux
0 Kudos
Linda Card
Frequent Advisor

‎11-12-2004 08:09 AM

‎11-12-2004 08:09 AM

Re: Password min change and reuse info needed


Since 10.20 does not have PAM, a user may change his password as often as desired and can reuse old passwords. Is that correct?

I just want to make sure that I understand this correctly. Because if it cannot be done, then I should just move on to the next thing that can be fixed. And use this as justification to get a more current OS.
0 Kudos
Bill Hassell
Honored Contributor

‎11-12-2004 08:55 AM

‎11-12-2004 08:55 AM

Solution

Re: Password min change and reuse info needed

I believe that with all the latest patches ("latest" means Dec 2001 plus a few security patches), the min days should work. I think that password history was a feature added to 11.00. When it exists, there will be a directory /tcb/files/auth/system/pwhist where old passwords are kept.

There is no /etc/default/security file on 10.20 nor any code that would pay any attention to the contents if you create it. 10.20 is dead, gone, toast, so once you've applied all the latest patches and something doesn't work, the fix is:

Install 11.11 and fix all the ancient code that requires 10.20.


Bill Hassell, sysadmin
0 Kudos
Linda Card
Frequent Advisor

‎11-12-2004 10:41 AM

‎11-12-2004 10:41 AM

Re: Password min change and reuse info needed

Thanks to everybody. I always learn something new when I come to this forum. I get good info and no wise-guys. I appreciate the help.
Linda
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.