09-27-2012 09:16 AM
I've a problem in HP-UX 10.20 with the user's password.
The user should have the password from the 4th symbols, but the system writes "too short, minimum 6 symbols". There is /tcb/files/auth/ a file with parameters of this password, but the variable which is responsible for the minimum length isn't present. Where there is this value?
Thanks for advanse!
09-28-2012 03:16 AM
If either the user-specific file in /tcb/files/auth or the system-wide defaults file /tcb/files/auth/system/default contains :u_restrict:, then the password triviality check is in effect. This may cause very short passwords to be rejected even if minimum length is not explicitly set.
If the /etc/default/security file exists and has the "MIN_PASSWORD_LENGTH=6" uncommented, the password is explicitly required to have at least 6 characters.
09-28-2012 04:10 AM
Yes, file /tcb/files/auth/system/default contains parametr :u_restrict@, but /etc/default/security file not exists.
Сan I remove parameter u_restrict@ or deactivate it to have the password from 4th symbols?
09-29-2012 06:30 AM
:u_restrict@: actually means "no u_restrict". So the password restriction rules should be disabled system-wide.
(See "man 4 prpwd" for the keywords, and "man 4 authcap" for the general syntax.)
Instead of modifying the /tcb/files/auth/* files manually, you should use SAM to modify them.
The "Auditing and Security" section allows you to change the system security policy (e.g. the system-wide settings in /tcb/files/auth/system/default), and the "User and Group Management" section allows you to make exceptions to the system security policy on a per-user basis.
When you use SAM to view the per-user security policy, it will automatically display the total effect of the system-wide policy + any per-user exceptions, making it easier to verify that the policy is exactly what you want. It will also protect you from typing mistakes and other syntax errors when modifying the security policy.
You might also want to run:
authck -p -v
to verify that your /etc/passwd and /tcb/files/auth/* files are in agreement and don't contain any typos. If the command reports any errors, use your judgement and fix them as appropriate.