HPE Community
Operating System - HP-UX
1844038 Members
2314 Online
110226 Solutions
New Discussion

Restrict Policies in /etc/default/security

 
raiden
Regular Advisor

‎12-08-2008 01:19 AM

‎12-08-2008 01:19 AM

Restrict Policies in /etc/default/security

In one of our system we have set some password policies in /etc/default/security. But now I dont want to restrict this policies to some of the accounts. Is there any method to not force this policies on some of accounts. Is is possible through "modprpw"?
0 Kudos
Reply
13 REPLIES 13
Robert-Jan Goossens
Honored Contributor

‎12-08-2008 02:04 AM

‎12-08-2008 02:04 AM

Re: Restrict Policies in /etc/default/security

Hi,

Depends on which policies you are using in the /etc/default/security file and if your system is setup as a trusted system.

Have a look at the security manual, it describes for each policy if the system-wide default can be overwritten.

http://docs.hp.com/en/B3921-60631/security.4.html

Regards,
Robert-Jan
0 Kudos
Reply
Ganesan R
Honored Contributor

‎12-08-2008 02:06 AM

‎12-08-2008 02:06 AM

Re: Restrict Policies in /etc/default/security

Hi Raiden,

Security settings defined on /etc/default/secuirty will be applicable to all the users. If you want to modify user level settings, then you need to convert the system into trusted mode.

modprpw will work with protected database that is on trusted systems
Best wishes,

Ganesh.
0 Kudos
Reply
raiden
Regular Advisor

‎12-08-2008 02:24 AM

‎12-08-2008 02:24 AM

Re: Restrict Policies in /etc/default/security

Ganesan .. My system is trusted.. so how can i use modprpw to bypass below policies for defined in security file.

PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_MIN_SPECIAL_CHARS=1

i want to use a simple password like abc123 but these policies doesnt allow me to.
0 Kudos
Reply
Ganesan R
Honored Contributor

‎12-08-2008 02:46 AM

‎12-08-2008 02:46 AM

Re: Restrict Policies in /etc/default/security

Hi,

Simple way is goto SAM -> Accounts for Users and groups -> select the desired user -> Actions -> Modify user's security policies -> Password format policies -> here disable the restriction rules.

You can also do the same thing using modprpw command. You need to use "rstrpw=value" . Value can be YES/NO/DFT with modprpw command.

Best wishes,

Ganesh.
0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

‎12-08-2008 02:48 AM

‎12-08-2008 02:48 AM

Re: Restrict Policies in /etc/default/security

Raiden,

Configuring Per-User Attributes

http://docs.hp.com/en/5992-3387/ch02s05.html

userdbset

Changes the attribute for the specified user to override the systemwide default defined in the /etc/default/security file. For an example, see Section , and see userdbset(1M) for more information.

Regards,
Robert-Jan
0 Kudos
Reply
Mark McDonald_2
Trusted Contributor

‎12-08-2008 02:49 AM

‎12-08-2008 02:49 AM

Re: Restrict Policies in /etc/default/security

>>>i want to use a simple password like abc123 but these policies doesnt allow me to.

OK so use a then b c then 1 then 2 3

Abc!23 - seems pretty simple to me?
0 Kudos
Reply
raiden
Regular Advisor

‎12-08-2008 03:12 AM

‎12-08-2008 03:12 AM

Re: Restrict Policies in /etc/default/security

Ganesan >>> Both the methods are not working.

@ Robert ...I cannot find the command userdbset in my system.
0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

‎12-08-2008 03:49 AM

‎12-08-2008 03:49 AM

Re: Restrict Policies in /etc/default/security

what os version are you running?

0 Kudos
Reply
raiden
Regular Advisor

‎12-08-2008 04:49 AM

‎12-08-2008 04:49 AM

Re: Restrict Policies in /etc/default/security

this is 11.11.

Is there any other alternate method.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎12-08-2008 05:27 AM

‎12-08-2008 05:27 AM

Re: Restrict Policies in /etc/default/security

Shalom,

trusted system is great, I like to use it but you should be informed that it is last placed in 11.31.

It has been declared obsolete and will in the future be replaced by other tools. Shadow password might be a better option for compatibility with future versions of HP-UX

SEP

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
raiden
Regular Advisor

‎12-08-2008 07:00 AM

‎12-08-2008 07:00 AM

Re: Restrict Policies in /etc/default/security

Please someone tell me how do I bypass this settings in security file.

PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_MIN_SPECIAL_CHARS=1

i want to keep a simple password like abc12345 for system admins.
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎12-08-2008 08:23 AM

‎12-08-2008 08:23 AM

Re: Restrict Policies in /etc/default/security

>>i want to keep a simple password like abc12345 for system admins.

Why would you want to do that? If anything the system admins passwords should be more complicated. They should lead by example, especially when it comes to passwords.

I don't think there is a way to bypass the rules in /etc/default/security. I think they are completely separate from any trusted system settings and apply to ALL users on the system, no matter what.
0 Kudos
Reply
Mark McDonald_2
Trusted Contributor

‎12-09-2008 06:55 PM

‎12-09-2008 06:55 PM

Re: Restrict Policies in /etc/default/security

Cant you simply copy the password hash from a box with a known simple password?

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.