security.4 (2010 09)
s
security(4) security(4)
Do not use 0000-0000
as a time range to prevent user access. For example,
Any:Fr0000-0000
cannot be used to disallow access on Fridays. Instead,
SuMo-
TuWeThSa should be used. See the EXAMPLES section.
Default value:
LOGIN_TIMES=Any
Can login any day of the week.
LONG_PASSWORD
This attribute determines whether or not the length of a password can exceed 8
characters.
This attribute is valid only when the LongPassword11i3 product is installed and the
password hash algorithm is different from the traditional DES-based hash algo-
rithm, see CRYPT_DEFAULT.
LONG_PASSWORD=0
Passwords are limited to 8 characters.
LONG_PASSWORD=1
Passwords can have more than 8 characters.
Default value:
LONG_PASSWORD=0
MIN_PASSWORD_LENGTH
This attribute controls the minimum length of new passwords. On trusted systems
it applies to all users. On standard systems it applies to non-root local users and to
NIS users. The system-wide default defined here may be overridden by defining
per-user values in /var/adm/userdb
(described in userdb (4)).
MIN_PASSWORD_LENGTH=
N New passwords must contain at least N charac-
ters. For standard systems, N can be any value from 3 to 8. For trusted systems, N
can be any value from 6 to 80.
Default value:
MIN_PASSWORD_LENGTH=6
NOLOGIN This attribute controls whether non-root login can be disabled by the
/etc/nologin file. Note that this attribute only applies to the applications that
use session management services provided by pam_hpsec as configured in
/etc/pam.conf, or those services that indirectly invoke login such as the
telnetd and rlogind commands. Other services may or may not choose to
enforce the /etc/nologin file.
NOLOGIN=0 Ignore the /etc/nologin file and do not exit if the
/etc/nologin file exists.
NOLOGIN=1 Display the contents of the /etc/nologin file and exit if the
/etc/nologin file exists.
Default value:
NOLOGIN=0
NUMBER_OF_LOGINS_ALLOWED
This attribute controls the number of simultaneous logins allowed per user. Note
that this is only enforced for non-root users and only applies to the applications that
use session management services provided by pam_hpsec as configured in
/etc/pam.conf, or those services that indirectly invoke login, such as the
telnetd and rlogind commands. The system-wide default defined here may be
overridden by defining a per-user value in /var/adm/userdb (described in
userdb(4)).
NUMBER_OF_LOGINS_ALLOWED=0 Any number of logins are allowed per user.
NUMBER_OF_LOGINS_ALLOWED=NNnumber of logins are allowed per user.
Default value:
NUMBER_OF_LOGINS_ALLOWED=0
PASSWORD_HISTORY_DEPTH
This attribute controls the password history depth. A new password is checked
against passwords stored in the user’s password history. This prevents the user
from re-using a recently used password. This attribute applies only to local users.
For a trusted system, the maximum password history depth is 10 and the minimum
is 1.
For a standard system, the maximum password history depth is 24 and the
minimum is 1. The system-wide default defined here may be overridden by defining
a per-user value in
/var/adm/userdb (described in userdb (4)).
4 Hewlett-Packard Company − 4 − HP-UX 11i Version 3: September 2010