HPE Community
Operating System - HP-UX
1834926 Members
2708 Online
110071 Solutions
New Discussion

Re: Setting up Trusted systems 11.0

 
SOLVED
Go to solution
Richard Ace
Frequent Advisor

‎11-08-2004 09:09 PM

‎11-08-2004 09:09 PM

Setting up Trusted systems 11.0

Hi

Can you tell me please.

Is it possible to set-up a Trusted system without having the accounts expire, which I beleive is Default as you migrate over.

Cheers

Rich
0 Kudos
Reply
2 REPLIES 2
Steve Steel
Honored Contributor

‎11-08-2004 09:33 PM

‎11-08-2004 09:33 PM

Solution

Re: Setting up Trusted systems 11.0

Hi


See
http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90121/B2355-90121_top.html&con=/hpux/onlinedocs/B2355-90121/00/00/19-con.html&toc=/hpux/onlinedocs/B2355-90121/00/00/19-toc.html&searchterms=password&queryid=20041109-033058


Setting Up Password Aging Policies

HP-UX lets you select password aging options. The amount of time a user has a particular password on his or her account directly related to the amount of time a penetrator has to guess it. The system maintains a time between password changes, an expiration time, and a lifetime for passwords on the system when password aging is enabled. Refer to "Password Aging" later in this chapter for more information.

If there is a system compromise, you can also choose to expire all user passwords immediately and force users to select new passwords.

To set up password aging policies using SAM:

Highlight System Securities Policies.

Highlight Password Aging Policies. The Password Aging Policies screen is displayed.

Set Password Aging to Enabled. The Enable Password Aging screen is displayed.

Select appropriate options by using the arrow keys to highlight them and typing appropriate options.

Set the Time Between Password Changes (in days). This sets the minimum time a user must have a password to prevent users from changing their passwords and then changing it back again to the old one.

Specify the Password Expiration Time (in days). The expiration time of a password specifies a time after which a user must change the password.

Indicate the Password Warning Time (in days). This is when to start sending warning messages to the user that they will need to change their password soon.

Specify the Password Lifetime (in days). The lifetime specifies the time at which the account associated with that password is locked. Once locked, the password must be changed before the person can log in.

Select OK to accept these values.


Since it can be enabled it can be disabled but enabled is the better policy


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
Reply
Richard Ace
Frequent Advisor

‎11-08-2004 09:44 PM

‎11-08-2004 09:44 PM

Re: Setting up Trusted systems 11.0

Thanks

I know about the policies on the accounts and ours accounts on our servers have policies set-up and as you said.

What I am saying when you hit the button to go to TRUSTED it will immediately expire everything.

We want trusted, but dont want to expire any accounts when we hit the button.

Lots of ftp accounts are set-up and imbedded passwords. Could cause big problems.

i.e. ts convert and then it expires everything?

Option to /usr/lbin/modprpw -k account name but it would be a big job.

Cheers

Rich

P.S. I am looking at the URL you sent too.

Ta
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.