Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Configuring HP-UX Bastille: Interview
Bastille Configuration Questions and Explanations for HP-UX
Appendix B
less than the PASSWORD_MAXDAYS!
However, if there is ever a need to temporarily give someone your password
(there are generally more secure alternatives), this option could prevent you
from changing the password immediately afterward.
NOTE: If your system is not converted to trusted mode then this value
will be rounded up to weeks for current users.
Account Security Q: Enter the number of days a user will be warned that their password
will expire. [28]
This parameter controls the default number of days before password
expiration that a user is to be warned that the password must be changed.
For systems running HP-UX 11.11 and HP-UX 11.0, setting this value will
require a conversion to trusted mode. HP-UX 11.22 and later will require
shadowed password conversion.
In that case this parameter applies only to local non-root users.
PASSWORD_WARNDAYS=N Users are warned N days before
their password expires. Values between 0 and 441 are
acceptable, though it doesn't make sense for this value
to be larger than PASSWORD_MAXDAYS.
NOTE: If your system is not converted to trusted mode then this value
will be rounded up to weeks for current users.
Account Security Q: Should non-root users be disallowed from logging in if /etc/nologin
exists? [Y]
The NOLOGIN parameter controls whether non-root login can be
disabled by the /etc/nologin file.
If you answer "Y", the NOLOGIN parameter will be set to 1. When a non-root
user tries to log in and the /etc/nologin file exists, the system will display
the contents of the /etc/nologin file and exit.
This can be useful for system maintenance or if you wish to disallow non-root
logins completely. In general, this feature gives you more granular control
of your system, thus enhancing your ability to secure and validate your system
configuration before your system is threatened by local users.
NOTE: This is applicable only for non-root users and only for services
which use the "login" binary for authentication.
Account Security Q: Do you want to set a maximum number of logins per user? [N]
The NUMBER_OF_LOGINS_ALLOWED parameter controls the number of
simultaneous logins allowed per user. This is applicable only for non-root
users. This may be useful in limiting the sharing of user accounts and
alerting users to a compromised account.
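A small audit of the parameters covered by the questions above, added here as an illustration; it is not taken from the HP-UX guide or from Bastille itself. It assumes the settings are stored as NAME=value lines, as in /etc/default/security; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example (not from the HP-UX guide). Assumption: parameters are stored
# as NAME=value lines and '#' starts a comment.

# Print the last value assigned to parameter $2 in file $1 (empty if unset).
get_param() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Round a day count up to whole weeks, the granularity applied to current
# users when the system has not been converted to trusted mode.
round_up_weeks() {
    echo $(( ($1 + 6) / 7 * 7 ))
}

# Print one finding per parameter for file $1; exit status = number of FAILs.
audit_security() {
    fails=0
    warn=$(get_param "$1" PASSWORD_WARNDAYS)
    max=$(get_param "$1" PASSWORD_MAXDAYS)
    case "$warn" in
        ''|*[!0-9]*|0?*)
            echo "FAIL PASSWORD_WARNDAYS unset or not a plain number"; fails=$((fails + 1)) ;;
        *)  if [ "$warn" -gt 441 ]; then
                echo "FAIL PASSWORD_WARNDAYS=$warn is outside 0-441"; fails=$((fails + 1))
            else
                echo "OK   PASSWORD_WARNDAYS=$warn ($(round_up_weeks "$warn") days if not trusted mode)"
            fi
            case "$max" in ''|*[!0-9]*) ;; *)
                if [ "$warn" -gt "$max" ]; then
                    echo "FAIL PASSWORD_WARNDAYS=$warn exceeds PASSWORD_MAXDAYS=$max"; fails=$((fails + 1))
                fi ;;
            esac ;;
    esac
    if [ "$(get_param "$1" NOLOGIN)" = 1 ]; then
        echo "OK   NOLOGIN=1"
    else
        echo "FAIL NOLOGIN is not 1, so /etc/nologin does not block non-root logins"; fails=$((fails + 1))
    fi
    echo "INFO NUMBER_OF_LOGINS_ALLOWED=$(get_param "$1" NUMBER_OF_LOGINS_ALLOWED)"
    return "$fails"
}

# Constructed sample input, not taken from a real system.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' 'PASSWORD_MAXDAYS=90' 'PASSWORD_WARNDAYS=10  # constructed' 'NOLOGIN=0' > "$sample"
audit_security "$sample" || echo "$? FAIL finding(s)"
```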