Operating System - HP-UX

Re: password policy in a non-trusted system

 
sheevm
Regular Advisor

password policy in a non-trusted system

Hi!

We are running HP-UX 11.0 on an L2000 machine. This is a non-trusted system. I am trying to implement a password policy. I was told to create the /etc/default/security file and add the following lines, and that this should take care of it. But it is not working. Can someone out there tell me what else I need to do? I want to set the password policy: at least min 7 chars and one digit.
vi /etc/default/security

MIN_PASSWORD_LENGTH=7
PASSWORD_MIN_DIGIT_CHARS=1

Thanks.
be good and do good
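
A check for the two settings in the question, added here as an example and not part of the original thread: it reads a security-style file and reports whether MIN_PASSWORD_LENGTH and PASSWORD_MIN_DIGIT_CHARS are set to values that meet the stated policy. It assumes the file holds `parameter=value` lines with `#` comments; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Audit a security-style file against the policy asked for in this thread:
# MIN_PASSWORD_LENGTH >= 7 and PASSWORD_MIN_DIGIT_CHARS >= 1.

# get_param FILE NAME: print the last uncommented NAME=value in FILE (empty if unset).
get_param() {
    awk -F '=' -v key="$2" '
        /^[ \t]*#/ { next }                 # skip comment lines
        {
            k = $1; v = $2
            gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# check_policy FILE: print one line per setting; return 0 only if both meet the policy.
check_policy() {
    rc=0
    for want in MIN_PASSWORD_LENGTH:7 PASSWORD_MIN_DIGIT_CHARS:1; do
        name=${want%%:*}; min=${want##*:}
        val=$(get_param "$1" "$name")
        case $val in
            '')       echo "FAIL $name is not set"; rc=1 ;;
            *[!0-9]*) echo "FAIL $name=$val is not a number"; rc=1 ;;
            *)  if [ "$val" -ge "$min" ]; then echo "OK   $name=$val"
                else echo "FAIL $name=$val is below $min"; rc=1; fi ;;
        esac
    done
    return $rc
}

# Constructed sample input (not from a real host): one parameter name is
# misspelled and the other is commented out, so neither counts as set.
make_sample() {
    cat > "$1" <<'EOF'
# sample security file
MIN_PASSWORD_LENGHT=7
#PASSWORD_MIN_DIGIT_CHARS=1
EOF
}

# Usage: sh check_security.sh /etc/default/security
if [ "${1:-}" ]; then check_policy "$1"; fi
```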
11 REPLIES 11
Pete Randall
Outstanding Contributor

Re: password policy in a non-trusted system

Do you have PHCO_24606 or later installed?

How is it failing? Do you mean that you can set a new password using the passwd command that violates one or both of these requirements?


Pete

Pete
Oliver Schmitz
Regular Advisor

Re: password policy in a non-trusted system

Some information may be in the discussion I invoked an hour ago.

Hope it helps,

Oliver
Oliver Schmitz
Pete Randall
Outstanding Contributor

Re: password policy in a non-trusted system

The discussion Oliver is referring to would be this one:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=857287


Pete

Pete
Oliver Schmitz
Regular Advisor

Re: password policy in a non-trusted system

Sorry, forgot to post the link...
Oliver Schmitz
sheevm
Regular Advisor

Re: password policy in a non-trusted system

I read the conversation. Please pardon me!!

Can I just use the /etc/default/security file in a non-trusted system to satisfy the above password policy requirement?

Ours is a non-trusted system.
be good and do good
Oliver Schmitz
Regular Advisor

Re: password policy in a non-trusted system

Yes, you can set some policies as described in man security. Some more advantageous policies are included in the trusted system, and if you refer to the passwords only, a shadow tool in addition to a non-trusted system would be helpful to harden your system. In trusted systems, auditing tools and some more flexible policies for passwords etc. are included and helpful. I just converted my machine today and it was straightforward and very comfortable, no errors so far. I did it with SAM!

Regards,

Oliver
Oliver Schmitz
sheevm
Regular Advisor

Re: password policy in a non-trusted system

Thanks to all of you.

Pete,

It is still failing. Yes, even with this config it is violating the above rules. I can still create a password of 4 letters.

I am not sure what else to do.

Does this require reboot?

Thanks
Raji
be good and do good
sheevm
Regular Advisor

Re: password policy in a non-trusted system

Hi everyone,

It is working now. Now I have to force all the users to change their old passwords at their next login. Instead of doing it individually in SAM, is there a way I can write a script? Does anyone have a script which can satisfy this requirement?

Thanks.
Raji
be good and do good
RAC_1
Honored Contributor

Re: password policy in a non-trusted system

# passwd takes one login name per call, so have xargs run it once per user
/usr/sbin/logins -u | awk '{print $1}' | xargs -n 1 passwd -f

man passwd for details.

Anil
There is no substitute to HARDWORK
A. Clay Stephenson
Acclaimed Contributor

Re: password policy in a non-trusted system

This should do it (looks for all UIDs > 100 and passwd != '*'):

#!/usr/bin/sh

INFILE=/etc/passwd
# Select accounts with UID > 100 whose password field is not "*"
awk -F ':' '{if (($3 > 100) && ($2 != "*")) print $1}' "${INFILE}" | while read U
do
    echo "User: ${U}"
    # passwd -f "${U}"
done


When you are satisfied that the correct users are being selected, uncomment the passwd -f command.
If it ain't broke, I can fix that.
sheevm
Regular Advisor

Re: password policy in a non-trusted system

Thanks for your help. It is all set now. I am unable to assign points, do not see the button. Any hints?

Thanks
Raji
be good and do good