Planning and Configuring HP-UX DCE 1.9
Chapter 2
About HP-UX DCE Version 1.9
HP Password Management Server
23
The example Password Management Server does not support values 1 or 2 for pwd_SecureWare_chk, since
these use proprietary SecureWare algorithms. If a principal is configured with a pwd_SecureWare_chk value
of 1 or 2, the principal will be unable to change passwords, and the logfile /var/
opt/dce/security/pwd_strength.log will report that the pwd_SecureWare_chk level is not supported.
An example of a dcecp command for configuring a principal with these attributes is:
dcecp -c principal modify esmerelda -add { \ {pwd_val_type 1} \{pwd_mgmt_binding { \
{dce /.:/pwd_strength pktprivacy secret name} \ {/.:/subsys/dce/sec/pwd_mgmt/pwd_strength} \ } \ } \
{pwd_SecureWare_chk 0} \ }
You must set the minimum length of the password using the DCE Registry policies:
dcecp -c registry modify -change {pwdminlen 6}
Examples of other DCE Registry password policy attributes in dcecp syntax are:
• {pwdalpha no}
• {pwdspaces no}
• {pwdexpdate none}
• {pwdlife unlimited effective 5 days}
Only the pwdminlen, pwdalpha, and pwdspaces attributes are checked by the Password Management Server;
the DCE Registry checks the remaining attributes itself.