Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Configuring HP-UX Bastille: Interview
Bastille Configuration Questions and Explanations for HP-UX
Appendix B972
user. A user is not allowed to re-use a stored, previously used password.
This will cause the system to be converted to trusted mode.
PASSWORD_HISTORY_DEPTH=N A new password is checked against only the N
most recently used passwords for a particular user.
A configuration of password history depth of 2 prevents users from
alternating between two passwords. The maximum password history depth
supported is 10 and the minimum password history depth supported is 1. A
depth configuration of more than 10 will be treated as 10, and a depth
configuration of less than 1 will be treated as 1.
The password history depth configuration is on a system basis and is
supported in trusted system for users in files repository only. This
feature does not support the users in NIS or NISPLUS repositories. Once
the feature is enabled, all the users on the system are subject to the
same check. If this parameter is not configured, the password history
check feature is automatically disabled. When the feature is disabled,
the password history check depth is set to 1.
A password change is subject to all of the other rules for a new password
including a check with the current password.
Account Security Q: Enter the maximum number of days between password changes:
[182]
This parameter controls the default maximum number of
days that passwords are valid. For systems running HP-UX 11.11 and
HP-UX 11.0 setting this value will require a conversion to trusted
mode. HP-UX 11.22 and later will require shadowed password conversion.
In that case this parameter applies only to local non-root users.
PASSWORD_MAXDAYS=N A new password is valid for up to
N days, after which the password must be changed. Values between
0 and 441 are acceptable.
NOTE: If your system is not converted to trusted mode then this value
will be rounded up to weeks for current users.
Account Security Q: Enter the minimum number of days between password changes. [7]
This parameter controls the default minimum number of
days before a password can be changed. For systems running HP-UX 11.11 and
HP-UX 11.0 setting this value will require a conversion to trusted
mode. HP-UX 11.22 and later will require shadowed password conversion.
In that case this parameter applies only to local non-root users. When used with
password aging, this prevents users from immediately resetting expired passwords.
PASSWORD_MINDAYS=N A new password cannot be changed
until at least N days since it was last changed. Values between
0 and 441 are acceptable, but it is wise to choose a value much