HPE Community
Operating System - HP-UX
1836444 Members
2407 Online
110100 Solutions
New Discussion

Security policies for users

 
HCL Ash
Frequent Advisor

‎04-14-2010 04:14 AM

‎04-14-2010 04:14 AM

Security policies for users

i need to setup security policies for system..

i have setup things in /etc/default/security file

MIN_PASSWORD_LENGTH=8
NUMBER_OF_LOGINS_ALLOWED=5
PASSWORD_HISTORY_DEPTH=6
PASSWORD_MAXDAYS=90
PASSWORD_MINDAYS=2
AUTH_MAXTRIES=5

This configration not working.

I dont want to go for trusted mode.
0 Kudos
Reply
4 REPLIES 4
Pete Randall
Outstanding Contributor

‎04-14-2010 04:26 AM

‎04-14-2010 04:26 AM

Re: Security policies for users

It is typical for many of security's features to be available on trusted systems only. Like history depth for example:

"The password history depth configuration is on a system basis and is supported in trusted system for users in files repository only."

I'm not sure about max/min days/tries, but that could be the case with them also.

Could you elaborate on "not working"?


Pete

Pete
0 Kudos
Reply
UXisCool
Advisor

‎04-19-2010 09:41 AM

‎04-19-2010 09:41 AM

Re: Security policies for users

I believe the default file would set parameters for any new users that you define. For existing users, I would go into sam and under the accounts for users and groups tab, go to the user tab and highlight a user and right click. Then select modify security policies. You will have to do that for each user unfortunately. Let me know if that works for you.
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎04-19-2010 09:47 AM

‎04-19-2010 09:47 AM

Re: Security policies for users

Hi:

Have a look at the 'security(4)' manpages as they relate to the '/etc/default/security' file.

Regards!

...JRF...
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎04-19-2010 10:45 AM

‎04-19-2010 10:45 AM

Re: Security policies for users

Shalom,

Suggested test parameters.


As a regular user, invoke the passwd command. input a 7 digit password. that tests:
MIN_PASSWORD_LENGTH=8

as a regular user, attempt to log in 6 times. That tests:
NUMBER_OF_LOGINS_ALLOWED=5

Attempt to re-use previous password as a regular user. That tests:
PASSWORD_HISTORY_DEPTH=6

Try and log in an inactive regular user on day 91. That tests.
PASSWORD_MAXDAYS=90

Change a user password. Next day try and change it again:
PASSWORD_MINDAYS=2

Try logging in as a regular user and submit an incorrect password 6 times.
AUTH_MAXTRIES=5


At least if you submit results from the above tests, we can get a handle on what you mean by "Not working."

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.