security.4 (2010 09)
s
security(4) security(4)
PASSWORD_HISTORY_DEPTH=
N A new password is checked against the N
most recently used passwords, including the current password. For example, a
password history depth of 2 prevents a user from alternating between two pass-
words.
Default value:
PASSWORD_HISTORY_DEPTH=1
Cannot re-use the current
password.
PASSWORD_MIN_type _CHARS
Attributes of this form are used to require new passwords to have a minimum
number of characters of particular types (upper case, lower case, digits or special
characters). This can be helpful in enforcing site security policies about selecting
passwords that are not easy to guess. This attribute applies only to non-root local
users. The system-wide default defined here may be overridden by defining a per-
user value in
/var/adm/userdb
(described in userdb (4)).
PASSWORD_MIN_UPPER_CASE_CHARS=
N Specifies that a minimum of N
upper-case characters are required in a password when changed.
PASSWORD_MIN_LOWER_CASE_CHARS=
N Specifies that a minimum of N
lower-case characters are required in a password when changed.
PASSWORD_MIN_DIGIT_CHARS=
N Specifies that a minimum of N digit charac-
ters are required in a password when changed.
PASSWORD_MIN_SPECIAL_CHARS=
N Specifies that a minimum of N special
characters are required in a password when changed.
Default value: The default for each of these attributes is zero.
PASSWORD_MAXDAYS
This attribute controls the default maximum number of days that passwords are
valid. This value, if specified, is used by the authentication subsystem during the
password change process in the case where aging restrictions do not already exist
for the given user. The value takes effect after the password change. This attribute
applies only to local users and does not apply to trusted systems. The passwd -x
option can be used to override this value for a specific user.
PASSWORD_MAXDAYS=
N A new password is valid for up to N days, after which
the password must be changed. N can be an integer from -1 to 441.
Default value:
PASSWORD_MAXDAYS=-1
password aging is turned off.
PASSWORD_MINDAYS
This attribute controls the default minimum number of days before a password can
be changed. This value is used by the authentication subsystem during the pass-
word change process in the case where aging restrictions do not already exist for the
user. The value is stored persistently and takes effect after the password change.
This attribute applies only to local users and does not apply to trusted systems. The
passwd -n option can be used to override this value for a specific user.
PASSWORD_MINDAYS=N A new password cannot be changed until at least N
days since it was last changed. N can be an integer from 0 to 441.
Default value:
PASSWORD_MINDAYS=0
PASSWORD_WARNDAYS
This attribute controls the default number of days before password expiration that a
user is to be warned that the password must be changed. This value, if specified, is
used by the authentication subsystem during the password change process in the
case where aging restrictions do not already exist for the given user. The value
takes effect after the password change. This attribute applies only to local users on
shadow password systems. The passwd -w option can be used to override this
value for a specific user.
PASSWORD_WARNDAYS=N Users are warned N days before their password
expires. N can be an integer from 0 to 441.
Default value:
PASSWORD_WARNDAYS=0 (no warning)
HP-UX 11i Version 3: September 2010 − 5 − Hewlett-Packard Company 5