SUMMARY:[2] Enhanced security - minimum password length

From: Shaun.Racine@intier.com
Date: Thu Apr 14 2005 - 06:18:43 EDT

• Next message: Farmer, John: "Summary: C programming language / query for hardware attributes q uestion."
• Previous message: Shaun.Racine@intier.com: "SUMMARY: Enhanced security - minimum password length"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

(2nd summary, correct line to read: edauth -dd default)

Dear All,

Many thanks to responders (all responses attached below);
Robert C. Dege
Spider Boardman
Ann Majeske
Jeffrey Hummel
BL Venkatesh

Answer;

edauth -dd default

But to make life easier, use vi instead of ed. So before above command;
EDITOR=/usr/bin/vi;export EDITOR

Some people suggested using dxaccounts, but I will need to do this on
remote servers where I only have CLI.

Other useful resources, read the man pages for prpasswd, default, edauth,
userdel/mod/add.

Some outstanding issues with enhanced security I may just live with; new
user accounts are locked by default, user passwords can be single case
(even with non-trivial) - where before with BASE they had to be mix of at
least 2 sets {lowercase, uppercase, numbers, symbols}.

Best regards,
Shaun Racine

Original message
> Tru64 v5.1B pk4
>
> After setting enhanced security (with shadow password) on
> this test server, I noticed the minimum required password
> length is 1 character.
>
> What is the recommended/correct method for changing the
> minimum password length to 6 ? ( I cannot find the way to
> set it with edauth )
>
> Do I just manually edit the file /etc/auth/system/default ?

Responses

Robert C. Dege

You can use dxaccounts to setup the security settings. If you want the
settings to be global, be sure to modify the default template settings.

Spider Boardman

You change it with 'edauth -dd', and be sure to hit both u_minlen and
u_minchosen. I don't know how you got u_minlen of 1, since that's not the
default. It's shipped as 0, which means to calculate it dynamically based
on other parameters. That default is generally pretty safe, but changing
it to 6 is about what it would do normally. (The u_minchosen value was
defaulted from the setting of u_minlen.)

Ann Majeske

To use edauth to edit the default file:
#edauth -d d default
You need to specify "default", since that's the entry you're
editing, even though it's the only entry in the default file.

You can also use the Account Manager to edit the
default file, go to the "Local Template" view and click on
"default".

The prpasswd man page has descriptions for the
user account based entries in the default file, the
default man page has descriptions for the the
system wide entries.

Jeffrey Hummel

I think it is safe to edit default if you are the only one who could be
running the user authorization program.

Change u_minlen#1 to u_minlen#6 if 6 is the minimum length you would like
for a password.

BL Venkatesh

You could either do it manually or use 'dxaccounts' and modify the
'default' template.

• Next message: Farmer, John: "Summary: C programming language / query for hardware attributes q uestion."
• Previous message: Shaun.Racine@intier.com: "SUMMARY: Enhanced security - minimum password length"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:50:17 EDT