Trying to get information on SYS$PASSWORD_HISTORY_LIMIT parameter (260 Views)
Reply
Frequent Advisor
gunners
Posts: 64
Registered: ‎06-27-2011
Message 1 of 4 (260 Views)

Trying to get information on SYS$PASSWORD_HISTORY_LIMIT parameter

Hi Folks,

Im trying to get information (ie what the param is set to ) on the following param

 

SYS$PASSWORD_HISTORY_LIMIT

 

Dont seem to get too much on the web. I tried showing logicals and its not there , and also had a look in sysgen and nothing either :/

 

Any pointers would be great guys.

 

Thanks

Please use plain text.
Trusted Contributor
abrsvc
Posts: 360
Registered: ‎06-08-2010
Message 2 of 4 (249 Views)

Re: Trying to get information on SYS$PASSWORD_HISTORY_LIMIT parameter

[ Edited ]

From the guide to system security:


Once a user successfully creates a new password, the system enters the old password on the history list and
updates the file. The password history list can hold a large number of words, but it is limited to 60 by default.
If this number is exceeded, the user has to use generated passwords. A password remains on the password
history list for 365 days (or the default set by SYS$PASSWORD_HISTORY_LIFETIME). Whenever a user
account is deleted, the system removes all password records belonging to that account.


Using the DCL command DEFINE, you can change the defaults for the capacity and lifetime of the password
history list to any of the values indicated in Table 7-4.

 

Table 7.4  Defaults for Password History List

 

=========================================================================

 

System logical name                                      Default              Min              Max               Units

 

SYS$PASSWORD_HISTORY_LIFETIME        365                     1               28000           Days

 

SYS$PASSWORD_HISTORY_LIMIT                  60                    1                   2000          Absolute count

 

=========================================================================


For example, to increase the capacity of the history list from 60 passwords to 100, add the following line to the
command procedure SYLOGICALS.COM, which is located in SYS$MANAGER:


$ DEFINE/SYSTEM/EXEC SYS$PASSWORD_HISTORY_LIMIT 100

 


There is a correspondence between the lifetime of a password history list and the number of passwords
allowed on the list. For example, if you increase the password history lifetime to 4 years and your passwords
expire every 2 weeks, you would need to increase the password history limit to at least 104 (4 years times 26
passwords a year). The password history lifetime and limit can be changed dynamically, but they should be
consistent across all nodes on the cluster.

Please use plain text.
Trusted Contributor
abrsvc
Posts: 360
Registered: ‎06-08-2010
Message 3 of 4 (247 Views)

Re: Trying to get information on SYS$PASSWORD_HISTORY_LIMIT parameter

As a followup, I suspect that the absense of the logical name allows for the default values which would explain why you don't see the logical name. Once you require a different value, the logical name is needed.

Dan
Please use plain text.
Frequent Advisor
B Claremont
Posts: 47
Registered: ‎08-23-2006
Message 4 of 4 (232 Views)

Re: Trying to get information on SYS$PASSWORD_HISTORY_LIMIT parameter

Should find more information on login parameters in the "OpenVMS System Management Utilities Reference Manual: M – Z" under LGI SYSGEN parameters.

www.MigrationSpecialties.com
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation