HPE Community
Operating System - HP-UX
1832962 Members
3364 Online
110048 Solutions
New Discussion

Problem with "Modify Security Policy"

 
yyghp
Super Advisor

‎12-12-2003 08:03 AM

‎12-12-2003 08:03 AM

Problem with "Modify Security Policy"

I am going to change the root password length from 8 to 12, and I have 14 HP boxes.
I found that on some of the boxes when I ran SAM->User, and chose 'root', and I could see the options "Modify Security Policy" and "Set Authorized login time" under "Actions" menu, inside "Modify Security Policy" there was some other options including one called "Password Format Policies...", with this, I could change the user password length with one of the options inside.
However, some of the boxes don't have those option("Modify Security Policy" and "Set Authorized login time") under "Actions" menu, why? How can I enable those options ?
Thanks!
0 Kudos
Reply
7 REPLIES 7
Geno Church_1
Valued Contributor

‎12-12-2003 08:08 AM

‎12-12-2003 08:08 AM

Re: Problem with "Modify Security Policy"

Are all 14 HP boxes running at the same OS level?

Geno
0 Kudos
Reply
yyghp
Super Advisor

‎12-12-2003 08:19 AM

‎12-12-2003 08:19 AM

Re: Problem with "Modify Security Policy"

yes, all running on HP-UX 11.11B

I found out that those have that option are all trusted system, the others are not, so, how ?
0 Kudos
Reply
Victor_5
Trusted Contributor

‎12-12-2003 08:21 AM

‎12-12-2003 08:21 AM

Re: Problem with "Modify Security Policy"

If you have those options, you are running trusted system, for those which you don't have, you have to convert them. But I don't understand why you change length from 8 to 12 since it is not a good move. If for security reason, there are many other ways to secure the system, not only the length of password.
0 Kudos
Reply
Victor_5
Trusted Contributor

‎12-12-2003 08:27 AM

‎12-12-2003 08:27 AM

Re: Problem with "Modify Security Policy"

Good plan is MUST for trusted system because you need setup policy and auditing.

1. Convert to a trusted system:
a. Sam --> Auditing and Security --> Audited Events
b. Click â Yesâ when the system asks â Do you want to convert to a Trusted System now?â
c. The system displays the following messages: â Convert to a trusted system
Successfully converted to a trusted system.â
Press OK to continue.

2. Convert at and crontab files
/usr/lbin/tsconvert â p
/sbin/init.d/cron stop
/sbin/init.d/cron start

Another good idea is keep g
0 Kudos
Reply
Victor_5
Trusted Contributor

‎12-12-2003 08:35 AM

‎12-12-2003 08:35 AM

Re: Problem with "Modify Security Policy"

Sorry, for some reason, the display mixed up, repeat here:

1. convert to trusted system
a. sam --> auditing and security --> audited events
b. click "yes" when the system asks "do you want to convert to a trusted system now?"
c. the system displays the following message: "convert to a trusted system successfully converted toa trusted system." Press OK to continue.

2. Convert at and crontab files
/usr/lbin/tsconvert -p
/sbin/init.d/cron stop
/sbin/init.d/cron start

The last sentence I lost: "It is a good idea to keep backup, always. Also, when you have problem later on, ITRC always is the best place for help."

Good luck!
0 Kudos
Reply
doug hosking
Esteemed Contributor

‎12-12-2003 05:22 PM

‎12-12-2003 05:22 PM

Re: Problem with "Modify Security Policy"

Also keep in mind that if you aren't running in trusted mode, any passowrd you type is automatically and silently truncated to 8 characters in length, even if you THINK you have set a longer one. This is a restriction of the standard UNIX password file format.
0 Kudos
Reply
Darren Prior
Honored Contributor

‎12-14-2003 09:42 PM

‎12-14-2003 09:42 PM

Re: Problem with "Modify Security Policy"

Hi,

As stated earlier the system needs to be trusted for these options to be visible. Also, the password length option is ONLY for system-generated passwords. If your user chooses their own password then this option is ignored.

SAM has some useful info on these options tucked away in its context based help system.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.