Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Managing Trusted Passwords and System Access
On Trusted Systems, key security elements are held in the protected
password database, accessible only to superusers. Password data entries
should be set via SAM. Password data which are not set for a user will
default to the system defaults stored in the file
/tcb/files/auth/system/default.
The protected password database contains many authentication entries
for the user. See prpwd(4) for more information on these entries, which
include:
• User name and user ID.
• Encrypted password.
• Account owner.
• Boot flag: whether the user can boot to single-user mode or not. (See
security(4).)
• Audit ID and audit flag (whether audit is on or not).
• Minimum time between password changes.
• Password maximum length.
• Password expiration time, after which the password must be
changed.
• Password lifetime, after which the account is locked.
• Times of the last successful and unsuccessful password changes.
• Absolute time (date) when the account will expire.
• Maximum time allowed between logins before the account is locked.
• Number of days before expiration when a warning will appear.
• Whether passwords are user-generated or system-generated.
• Whether a triviality check is performed on a user-generated
password.
• Type of system-generated passwords.
• Whether null passwords are allowed for this account.
• User ID of last person to change password, if not the account owner.
• Time periods when this account can be used for login.
• The terminal or remote hosts associated with the last successful and
unsuccessful logins to this account.
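The following is an added example, not part of the HP guide: it parses one protected-password entry, applies the system-default fallback described above, and flags settings from the list that weaken an account. The sample entries are constructed; the field names (u_nullpw, u_pickpw, u_restrict, u_exp, u_bootauth) and the reading of u_exp#0 as "no expiration" are assumptions to confirm against prpwd(4) on your release.

```python
import re

# Constructed sample entries in the termcap-style layout assumed from prpwd(4):
# name=string, name#number, name (true), name@ (false), terminated by chkent.
DEFAULT_ENTRY = ("default:d_name=default:u_minchg#0:u_maxlen#8:u_exp#15724800:\\\n"
                 "\t:u_life#16934400:u_pickpw:u_restrict@:u_nullpw@:chkent:")
USER_ENTRY = ("jdoe:u_name=jdoe:u_id#104:u_pwd=CONSTRUCTED:u_owner=root:\\\n"
              "\t:u_bootauth:u_exp#0:u_nullpw:chkent:")

FIELD = re.compile(r"([A-Za-z_]\w*)([=#@]?)(.*)", re.S)

def parse_entry(text):
    """Return {field: value}; escaped colons inside values are not handled."""
    parts = [p.strip() for p in text.replace("\\\n", "").split(":")]
    parts = [p for p in parts if p]
    if "chkent" not in parts:
        raise ValueError("truncated entry: no chkent terminator")
    fields = {}
    for part in parts[1:parts.index("chkent")]:   # parts[0] is the entry name
        m = FIELD.fullmatch(part)
        if not m or (m.group(2) in ("", "@") and m.group(3)):
            raise ValueError("unparseable field: %r" % part)
        name, kind, value = m.groups()
        if kind == "=":
            fields[name] = value
        elif kind == "#":
            fields[name] = int(value)
        else:
            fields[name] = kind != "@"            # bare name is true, name@ false
    return fields

def effective(user, defaults):
    """Fields not set for the user fall back to the system default entry."""
    merged = {k: v for k, v in defaults.items() if k.startswith("u_")}
    merged.update(user)
    return merged

def audit(entry):
    """Return findings for the weak settings this example checks."""
    findings = []
    if entry.get("u_nullpw"):
        findings.append("null password allowed")
    if entry.get("u_pickpw") and not entry.get("u_restrict"):
        findings.append("user-chosen passwords without triviality check")
    if not entry.get("u_exp"):
        findings.append("no password expiration time")
    if entry.get("u_bootauth"):
        findings.append("may boot to single-user mode")
    return findings
```

On a live system the two inputs would be the user's file in the protected password database and /tcb/files/auth/system/default, both readable only by a superuser.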