
password policy

 


Hi guys,

We are setting up a new login password policy, but it seems that some points cannot be followed through SAM, so can I force these points to be followed by the user when changing his/her password?

Any ideas?

1.- Your Password must be at least 8 characters and can not repeat any of your 4 previous passwords
2.- Passwords must contain special characters or punctuation. e.g. [~,!,@,#,$,%,&,*,etc...]
3.- Passwords shall not contain the user id or any part of the full name assigned to the account.
4.- Passwords must contain a combination of upper and lower case alphabetic characters

I have K570, 10.20, Trusted System.
5 REPLIES
Barry O Flanagan
Respected Contributor

Re: password policy

In /etc/default/security set the line PASSWORD_HISTORY_DEPTH = 4 to check against the last 4 passwords.

I think all configurable fields appear in /tcb/files/auth/system on a trusted system.
Patrick Wallek
Honored Contributor

Re: password policy

The only thing I can think of is to write a "wrapper" script for passwd that will check on the things that SAM won't let you check on. The user would input his/her new passwd, the script would check to make sure it does not contain any part of their name, and whatever else you can't get configured through SAM.

If it passes your script check, then it calls passwd to go the rest of the way and actually change the passwd.
Paula J Frazer-Campbell
Honored Contributor

Re: password policy

Hi Marco

Your planned password policy can be achieved by scripting a front end to the passwd; this will allow you to check that the user's proposed password meets your criteria.
I would not enforce option one as it would require a storage of previous passwords for the lookup, but all the others can be checked before your script then fires the password at the passwd command.

Paula


If you can spell SysAdmin then you is one - anon
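
A sketch of the check that the wrapper or front-end script suggested in the two replies above would run before handing off to passwd. This is an added example, not code from any poster. It covers the length rule and points 2 to 4 and leaves password history to the system setting mentioned in the first reply. The function name, the demo account, and the rule that name parts shorter than 3 characters are ignored are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: policy pre-check for a passwd front end.
# Usage: check_password USERID "FULL NAME" CANDIDATE
# Returns 0 if the candidate passes, 1 otherwise; reasons go to stderr.
# Runs in a subshell ( ... ) so its variables and settings stay private.
check_password() (
    LC_ALL=C; export LC_ALL      # byte-exact [A-Z] / [a-z] ranges
    set -f                       # no globbing when the name is split into words
    user=$1 name=$2 pw=$3 rc=0
    fail() { echo "rejected: $1" >&2; rc=1; }

    # Point 1 (length part): at least 8 characters.
    [ "${#pw}" -ge 8 ] || fail "shorter than 8 characters"

    # Point 2: at least one character that is neither a letter nor a digit.
    case $pw in *[!A-Za-z0-9]*) ;; *) fail "no special character" ;; esac

    # Point 4: both upper and lower case letters.
    case $pw in *[A-Z]*) ;; *) fail "no upper case letter" ;; esac
    case $pw in *[a-z]*) ;; *) fail "no lower case letter" ;; esac

    # Point 3: case-insensitive match against the user id and each name word.
    lpw=$(printf '%s' "$pw" | tr 'A-Z' 'a-z')
    for part in $user $name; do
        part=$(printf '%s' "$part" | tr 'A-Z' 'a-z')
        [ "${#part}" -ge 3 ] || continue   # assumption: ignore initials
        case $lpw in *"$part"*) fail "contains '$part' from the account" ;; esac
    done
    exit "$rc"
)

# Constructed demo account (hypothetical): user id jdoe, full name Jane Doe.
check_password jdoe "Jane Doe" 'Jane!2024x' || echo "would not call passwd" >&2
```

The stock passwd command prompts on the terminal for the new password itself, so a wrapper that only hands off to it cannot guarantee that the user retypes the string that was checked.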
Jeff Gyurko
Frequent Advisor

Re: password policy


Marco,

Be real careful with special characters.

The "@" clears what you've entered up to that point and lets you start over. When you type your password as stay@h0m your password turns out to be "h0m"

The "#" clears the last character that you typed so stay#h0m is really stah0m.

My .02

Vincenzo Restuccia
Honored Contributor

Re: password policy

8 char.:
abc!$2001