Hi,
here you have the output van man security
security(4) security(4)
NAME
security - security defaults configuration file
DESCRIPTION
A number of system commands and features are configured based on
certain parameters defined in the /etc/default/security configuration
file. This file must be world readable and root writable.
Each line in the file is treated either as a comment or as
configuration information for a given system command or feature.
Comments are denoted by a # at the beginning of a line. Noncomment
lines are of the form, parameter=value.
If any parameter is not defined or is commented out in this file, the
default behavior detailed below will apply.
Parameter definitions, valid values, and defaults are defined as
follows:
ABORT_LOGIN_ON_MISSING_HOMEDIR
This parameter controls login behavior if a user's home
directory does not exist. This is applicable only for
non-root users.
ABORT_LOGIN_ON_MISSING_HOMEDIR=0 Login with '/' as
the home directory if the user's home directory does
not exist.
ABORT_LOGIN_ON_MISSING_HOMEDIR=1 Exit the login
session if the user's home directory does not exist.
Default value: ABORT_LOGIN_ON_MISSING_HOMEDIR=0
MIN_PASSWORD_LENGTH
This parameter controls the minimum length of new
passwords. It is not applicable to the root user on an
untrusted system.
MIN_PASSWORD_LENGTH=N New passwords must contain at
least N characters. For untrusted systems N can be any
value from 6 to 8. For trusted systems N can be any
value from 6 to 80.
Default value: MIN_PASSWORD_LENGTH=6
NOLOGIN This parameter controls whether non-root login can be
disabled by the /etc/nologin file.
NOLOGIN=0 Ignore the /etc/nologin file and do not
exit if the /etc/nologin file exists.
Hewlett-Packard Company - 1 - HP-UX Release 11i: Oct 2002
security(4) security(4)
NOLOGIN=1 Display the contents of the /etc/nologin
file and exit if the /etc/nologin file exists.
Default value: NOLOGIN=0
NUMBER_OF_LOGINS_ALLOWED
This parameter controls the number of simultaneous
logins allowed per user. This is applicable only for
non-root users.
NUMBER_OF_LOGINS_ALLOWED=0 Any number of logins are
allowed per user.
NUMBER_OF_LOGINS_ALLOWED=N N number of logins are
allowed per user.
Default value: NUMBER_OF_LOGINS_ALLOWED=0
PASSWORD_HISTORY_DEPTH
This parameter controls the password history depth. A
new password is checked only against the number of most
recently used passwords stored in password history for
a particular user. A user is not allowed to re-use a
previously used password.
PASSWORD_HISTORY_DEPTH=N A new password is checked
against only the N most recently used passwords for a
particular user.
A configuration of password history depth of 2 prevents
users from alternating between two passwords. The
maximum password history depth supported is 10 and the
minimum password history depth supported is 1. A depth
configuration of more than 10 will be treated as 10,
and a depth configuration of less than 1 will be
treated as 1.
The password history depth configuration is on a system
basis and is supported in trusted system for users in
files repository only. This feature does not support
the users in NIS or NISPLUS repositories. Once the
feature is enabled, all the users on the system are
subject to the same check. If this parameter is not
configured, the password history check feature is
automatically disabled. When the feature is disabled,
the password history check depth is set to 1.
A password change is subject to all of the other rules
for a new password including a check with the current
password.
Hewlett-Packard Company - 2 - HP-UX Release 11i: Oct 2002
security(4) security(4)
Default value: PASSWORD_HISTORY_DEPTH=1
PASSWORD_MIN__CHARS
Parameters of this form are used to require new
passwords to have a minimum number of characters of
particular types (upper case, lower case, digits or
special characters). This can be helpful in enforcing
site security policies about selecting passwords that
are not easy to guess.
Note: These parameters apply only if the libpam_unix
patch PHCO_24606 or later is installed.
PASSWORD_MIN_UPPER_CASE_CHARS=N Specifies that a
minimum of N upper-case characters are required in a
password when changed.
PASSWORD_MIN_LOWER_CASE_CHARS=N Specifies that a
minimum of N lower-case characters are required in a
password when changed.
PASSWORD_MIN_DIGIT_CHARS=N Specifies that a minimum
of N digit characters are required in a password when
changed.
PASSWORD_MIN_SPECIAL_CHARS=N Specifies that a minimum
of N special characters are required in a password when
changed.
Default value: The default for each of these parameters
is zero.
SU_KEEP_ENV_VARS
This parameter forces su to propagate certain 'unsafe'
environment variables to its children despite the
security risk of doing so.
Note: This parameter is supported by the su patch
PHCO_27781 or later. By default, su does not export
the environment variables LD_LIBRARY_PATH, SHLIB_PATH
or LD_PRELOAD because they could be maliciously
misused. Any combination of these can be specified in
this entry, with a comma separating the variables.
Currently no other environment variables may be
specified in this way. This may change in future HP-UX
releases as security needs require.
SU_KEEP_ENV_VARS=var1,var2,...varN
Default value: If this parameter is not defined or if
it is commented out, none of these three environment
Hewlett-Packard Company - 3 - HP-UX Release 11i: Oct 2002
security(4) security(4)
variables will be propagated by the su command.
SU_ROOT_GROUP
This parameter defines the root group name for the su
command. Refer to su(1).
SU_ROOT_GROUP=group_name The root group name is set to
the specified symbolic group name. The su command
enforces the restriction that a non-superuser must be a
member of the specified root group to be allowed to su
to root. This does not alter password checking.
Default value: If this parameter is not defined or if
it is commented out, there is no default value. In
this case, a non superuser is allowed to be superuser
and su to root without being bound by root group
restrictions.
SU_DEFAULT_PATH
This parameter defines a new default PATH environment
value to be set when su to a non-superuser account is
done. Refer to su(1).
SU_DEFAULT_PATH=new_PATH
The PATH environment variable is set to new_PATH when
the su command is invoked. The path value is not
validated. This parameter does not apply to a
superuser account, and is applicable only when the "-"
option is not used with the su command.
Default value: PATH is not changed.
AUTHOR
security was developed by HP.
FILES
/etc/default/security
SEE ALSO
init(1M), login(1), passwd(1), su(1), pam_unix(5).
Hewlett-Packard Company - 4 - HP-UX Release 11i: Oct 2002
