security.4 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

security(4) security(4)

userdbset -d -u username auth_failures

AUTH_MAXTRIES=0

Any number of authentication retries is allowed.

AUTH_MAXTRIES=

N An account is locked after N+1 consecutive authentication

failures. N can be any positive integer.

Default value:

AUTH_MAXTRIES=0

BOOT_AUTH This attribute controls whether authentication is required to boot the system into

single user mode. If enabled, the system cannot be booted into single user mode

until the password of an authorized user is provided.

This attribute does not apply to trusted systems. However, if boot authentication is

enabled on a standard system, then when the system is converted to a trusted sys-

tem, boot authentication will also be enabled as default for the trusted system.

BOOT_AUTH=0 Boot authentication is turned OFF.

BOOT_AUTH=1 Boot authentication is turned ON.

Default value:

BOOT_AUTH=0

BOOT_USERS This attribute deﬁnes the names of users who are authorized to boot the system into

single user mode from the console. Names are separated by a comma (,). It only

takes effect when boot authentication is enabled. Refer to the description of the

BOOT_AUTH attribute.

The

BOOT_USERS attribute does not apply to trusted systems. However, when a

standard system is converted to a trusted system, this information is translated.

For example:

BOOT_USERS=mary,jack

Other than the root user, user mary or jack can also boot the system into single

user mode from the console.

Default value:

BOOT_USERS=root

CRYPT_ALGORITHMS_DEPRECATE

This attribute lists the password hash algorithms that must be deprecated when a

user’s password is changed.

This attribute is only valid when the SHA11i3 product is installed.

CRYPT_DEFAULT

This attribute speciﬁes the default password hash algorithm. It is used when a new

user password is created, and either the user did not have a password before or the

old password was hashed with a deprecated algorithm (listed in

CRYPT_ALGORITHMS_DEPRECATE

). The value of CRYPT_DEFAULT should not

be present in

CRYPT_ALGORITHMS_DEPRECATE.

This attribute is only valid when the SHA11i3 product is installed.

CRYPT_DEFAULT=__unix__ The default hash algorithm is the traditional

DES-based algorithm. Refer to crypt (3C) for more information.

CRYPT_DEFAULT=6 The default hash algorithm is method 6, a newer hash

algorithm based on SHA-512.

For example:

CRYPT_ALGORITHMS_DEPRECATE=__unix__

CRYPT_DEFAULT=6

If a user’s password is created for the ﬁrst time, it is hashed using method 6.Orif

a user’s old password was hashed using __unix__, the new password is hashed

using method 6.

Default value:

CRYPT_DEFAULT=__unix__

DISPLAY_LAST_LOGIN

This attribute controls whether a successful login displays the date, time and origin

of the last successful login and the last authentication failure. Times are displayed

2 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: September 2010