Restrict new password format options presented to a user? (340 Views)
Reply
Occasional Advisor
malc_p
Posts: 16
Registered: ‎01-15-2014
Message 1 of 3 (340 Views)
Accepted Solution

Restrict new password format options presented to a user?

[ Edited ]

Hi there

we're running an HP9000 container running 11.11 on an Integrity server running 11.31; the apps run on the 11.11 container and the user log directly into it.

What I want to know is, when a user's password needs resetting they get presented with the dialog offering them the choice of a pronouncable system-generated password, an unpronouncable one, or the option to create their own.

We want to alter this behaivour so that the only option is for them to create their own without the initial "select which option" dialog. All that "man passwd" mentions is:


"  When passwd is invoked on a trusted system, the existing password is     
      requested (if one is present).  This initiates the password              
      solicitation dialog which depends upon the type of password generation   
      (format policy) that has been enabled on the account doing the passwd    
      command.  There are four possible options for password generation: "

 

but I can't see where to alter the "password solicitation dialog". Anyone able to help please?

 

Many thanks

 

 

 

 

P.S. This thread has been moevd from HP-UX > System Administration to Security. - Hp forum moderator 

Please use plain text.
Honored Contributor
Matti_Kurkela
Posts: 6,271
Registered: ‎12-02-2001
Message 2 of 3 (256 Views)

Re: Restrict new password format options presented to a user?

Looks like your container is using the HP-UX Trusted System Mode.

 

In a real 11.11, this change could be made with the modprpw command for a specific user:

modprpw -m usrpick=YES,syspnpw=NO,syschpw=NO,sysltpw=NO username

(the possible settings for each option are YES, NO, or DFT = use a system-wide default)

 

Or if you want to change the system-wide (or maybe container-wide in your case) default settings:

/usr/lbin/modprdef -m usrpick=YES,syspnpw=NO,syschpw=NO,sysltpw=NO

 

MK
Please use plain text.
Occasional Advisor
malc_p
Posts: 16
Registered: ‎01-15-2014
Message 3 of 3 (241 Views)

Re: Restrict new password format options presented to a user?

Hi

Yes, that's it, thanks, the modprpw commands did the trick.

We're running trusted on the containers but the host machine is not, so 'modprdef' isn't working., but we'll fix that at next restart time.

 

Regards

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation