Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Managing Standard Passwords and System Access
Chapter 8 749
• Do not choose a word found in a dictionary in any language, even if
you spell it backwards. Software programs exist that can find and
match it.
• Do not choose a password easily associated with you, such as a
family or pet name, or a hobby.
• Do not use simple keyboard sequences, such as asdfghjkl, or
repetitions of your login (e.g., if your login is ann, a bad password is
annann).
• Misspelled words or combined syllables from two unrelated words
make suitable passwords. Another popular method is to use the first
characters of a favorite title or phrase for a password.
• Consider using a password generator that combines syllables to
make pronounceable gibberish.
Management must forbid sharing of passwords. It is a security violation
for users to share passwords.
Password File
A standard system maintains one password file: /etc/passwd.
If NIS+ is configured, this process is more complex; see “Network
Information Service Plus (NIS+)” on page 839.
All passwords are encrypted immediately after entry, and stored in the
password file, /etc/passwd. Only the encrypted password is used in
comparisons.
Do not permit any empty/null password fields in the password file. An
empty field is a potential security breach, because any user can set the
password for that account before a password is set for the first time.
Do not edit the password file directly. Use SAM, useradd, userdel, or
usermod to modify password file entries.
The /etc/passwd File
The /etc/passwd file is used to authenticate a user at login time for
standard HP-UX. The file contains an entry for every account on the
HP-UX system. Each entry consists of seven fields, separated by colons;
see passwd (4). A typical /etc/passwd entry looks like this:
robin:Z.yxGaSvxAXGg:102:99:Robin Hood,Rm 3,x9876,408-555-1234:/home/robin:/usr/bin/sh
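The following read-only audit is an added example, not part of the HP-UX guide: it checks a password file for the two conditions described above (entries that do not have seven colon-separated fields, and empty password fields) and, going one step beyond the text, for duplicate login names. The function names audit_passwd and sample_passwd are hypothetical, and every sample entry except the robin line is constructed for illustration.

```shell
#!/bin/sh
# audit_passwd FILE
# Reads FILE (never modifies it) and prints one finding per line as
#   <line-number>:<login>:<problem>
# Returns 1 if any finding was printed, 0 if the file is clean.
audit_passwd() {
    awk -F: '
        BEGIN { bad = 0 }
        /^[ \t]*$/ { next }                      # ignore blank lines
        NF != 7 {                                # passwd(4): seven fields
            printf "%d:%s:expected 7 fields, found %d\n", NR, $1, NF
            bad = 1
            next
        }
        $2 == "" {                               # empty/null password field
            printf "%d:%s:empty password field\n", NR, $1
            bad = 1
        }
        seen[$1]++ {                             # login already used above
            printf "%d:%s:duplicate login name\n", NR, $1
            bad = 1
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample input. The first entry is the one shown in the text;
# the other three are made up to trigger each check once.
sample_passwd() {
    cat <<'EOF'
robin:Z.yxGaSvxAXGg:102:99:Robin Hood,Rm 3,x9876,408-555-1234:/home/robin:/usr/bin/sh
guest::200:20:Guest account:/home/guest:/usr/bin/sh
ann:*:103:20:Ann Example:/home/ann
robin:*:104:20:Second robin:/home/robin2:/usr/bin/sh
EOF
}

# Demonstration on the sample; on a live system pass /etc/passwd instead.
tmp=${TMPDIR:-/tmp}/passwd.sample.$$
sample_passwd > "$tmp"
audit_passwd "$tmp" || echo "findings reported above"
rm -f "$tmp"
```

Any entry the audit reports should be corrected with SAM, useradd, userdel, or usermod rather than by editing the file.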