passwd.1 (2010 09)
p
passwd(1) passwd(1)
Default values may be set in the
/etc/default/security
file for the -n min, -x max, and -w
warn options. See security (4). The attributes to select password aging defaults are:
PASSWORD_MINDAYS
PASSWORD_MAXDAYS
PASSWORD_WARNDAYS
Password Construction Requirements
Passwords must be constructed to meet the following requirements:
• On a standard system, only the first eight characters of a password are significant.
• The default minimum password length is six characters for non-root users on a standard system and
for all users on a trusted system. See the description of the
MIN_PASSWORD_LENGTH
attribute in
security (4) for information on how to change this restriction.
• Characters must be from the 7-bit US-ASCII character set; letters from the English alphabet.
• A password must contain at least two letters and at least one numeric or special character.
• A password must differ from the user’s login name and any reverse or circular shift of that login
name. For comparison purposes, an uppercase letter and its corresponding lowercase equivalent
are treated as identical.
• A new password must differ from the old one by at least three characters (one character for non
super user if changed by the super user in a trusted system).
Repository Configuration
The
/etc/nsswitch.conf
file specifies the repositories for which the password must be modified.
The following configurations are supported:
• passwd: files
• passwd: files nis
• passwd: compat (--> files nis)
Authorizations
When the Role-Based Access Control Extensions product (RBACExt) is installed, users with specific
authorizations can be granted access to some of the
passwd options that normally require privileged
user access when the files or NIS repositories are used.
Refer to rbac (5) for more information on the Role-Based Access Control product. The following is a list of
the required authorizations for running
passwd with particular options:
hpux.security.password, change
Allows a user to modify the password of any non-root user.
hpux.security.password, delete
Allows a user to use the -d option to delete the password of any non-root user.
hpux.security.password, display
Allows a user to use the -s option to display the password attributes of any user.
hpux.security.password, expire
Allows a user to use the -f option to expire the password of any non-root user.
hpux.security.password, gecos
Allows a user to use the -g option (or chfn) to modify the gecos information of any non-root user.
hpux.security.password, homedir
Allows a user to use the -h option to change the home directory of any non-root user.
hpux.security.password, lock
Allows a user to use the -l option to lock the account of any non-root user.
hpux.security.password, maxage
Allows a user to use the -x option to specify the expiration time of a password of any non-root user.
hpux.security.password, minage
Allows a user to use the -n option to specify, for non-root users, the minimum number of days that
must transpire before a password can be changed.
HP-UX 11i Version 3: September 2010 − 3 − Hewlett-Packard Company 3