1823959 Members
4839 Online
109667 Solutions
New Discussion юеВ

pwhist on trusted system

 
Bolek Mynarski
Frequent Advisor

pwhist on trusted system

OK. I give up. I've been searching high and low, leaving no stone unturned and yet still cnanot find any answer to my problem.

System in question: HP-UX 10.20 (trusted).

I am trying to implement /etc/default/security feature in conjunction with already existing security policies in place. I want to make sure that users cannot re-use the same password for the next 5 password changes.

I thought that by entering the following line into that file:
PSSWORD_HISTORY_DEPTH=5
I will solve my issue. No luck. It seems like system does not even consult this file.

After reading more on this, 'pwhist' came into light. Now I know that the following should exist on my system:

/tcb/files/auth/system/pwhist where pwhist is a directory (I assume). It wasn't there, so I created it. Because I could not find any info on what kind of permissions it should have, I gave it 775.

No luck. I still was able to alternate my two passwords and not entries were put to
/tcb/files/auth/system/pwhist either.

I am spinning my wheels now. As I said, I am running HP-UX 10.20 in trusted mode. Is there a patch or something I don't know that makes that feature unusable on my system?

I would really appreciate any light shed on this matter...

Thanks.
It'snever too late to learn new things...
4 REPLIES 4
John Carr_2
Honored Contributor

Re: pwhist on trusted system

Hi

I suspect your /etc/default/security file is incorrect. have a look at the man page for passwd and search for stringdefault/security.
The paragraph containing the string says the file will not work unless the 3 required strings are present which is not per your entry :

PSSWORD_HISTORY_DEPTH=5

hope this gets you going in the right direction
john.
Bolek Mynarski
Frequent Advisor

Re: pwhist on trusted system

The more I research it and the more reading I do, I get convinced more and more every time that /etc/default/security file is a unique feature for HP-UX 11.+ systems and is not available for HP-UX 10.20.

Is there anybody outhere who successfuly has implemented that file (I am mostly after PASSWORD_MAX_DEPTH=5 feature)?

If so, could such a person give me a glimpse on how s/he has accomplished that?

Thanks.

P.S. Again, I am running on HP-UX 10.20 system and not 11.+! (trusted).

Thanks.
It'snever too late to learn new things...
K.Vijayaragavan.
Respected Contributor

Re: pwhist on trusted system

You are right!

This feature is not availabe with a 10.20 (trusted) system.
It is not considering the security file. Even the man page of passwd in 10.20 is not saying anything about the /etc/default/security file and "PASSWD_HISTORY_DEPTH=#" option.

Butin case of 11.00 it considers security file and even the man page of passwd mentions about it.

I had a check with both 10.20 and 11.00 trusted system.

-Vijay
"Let us fine tune our knowledge together"
K.Vijayaragavan.
Respected Contributor

Re: pwhist on trusted system