security.4 (2011 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

security(4) security(4)

NUMBER_OF_LOGINS_ALLOWED

This attribute controls the number of simultaneous logins allowed per user. Note

that this is only enforced for non-root users and only applies to the applications that

use session management services provided by pam_hpsec as conﬁgured in

/etc/pam.conf, or those services that indirectly invoke

telnetd and rlogind commands. The system-wide default deﬁned here may be

overridden by deﬁning a per-user value in

/var/adm/userdb (described in

userdb(4)).

NUMBER_OF_LOGINS_ALLOWED=0

Any number of logins are allowed per user.

NUMBER_OF_LOGINS_ALLOWED=

NNnumber of logins are allowed per user.

Default value:

NUMBER_OF_LOGINS_ALLOWED=0

PASSWORD_HISTORY_DEPTH

This attribute controls the password history depth. A new password is checked

against passwords stored in the user’s password history. This prevents the user

from re-using a recently used password.

This attribute applies to local, non-root users. On a system in standard or shadow

mode, it also applies to root if

PASSWORD_POLICY_STRICT=1

For a trusted system, the maximum password history depth is 10 and the minimum

is 1.

For a standard system, the maximum password history depth is 24 and the

minimum is 1. The system-wide default deﬁned here may be overridden by deﬁning

a per-user value in

/var/adm/userdb

(described in userdb (4)).

PASSWORD_HISTORY_DEPTH=

N A new password is checked against the N

most recently used passwords, including the current password. For example, a

password history depth of 2 prevents a user from alternating between two pass-

words.

Default value:

PASSWORD_HISTORY_DEPTH=1

Cannot re-use the current

password.

PASSWORD_MIN_type _CHARS

Attributes of this form are used to require new passwords to have a minimum

number of characters of particular types (upper case, lower case, digits or special

characters). This can be helpful in enforcing site security policies about selecting

passwords that are not easy to guess. This attribute applies to local, non-root users.

On a system in standard or shadow mode, it also applies to root if

PASSWORD_POLICY_STRICT=1

. The system-wide default deﬁned here may be

overridden by deﬁning a per-user value in

/var/adm/userdb

(described in

userdb(4)).

PASSWORD_MIN_UPPER_CASE_CHARS=N Speciﬁes that a minimum of N

upper-case characters are required in a password when changed.

PASSWORD_MIN_LOWER_CASE_CHARS=N Speciﬁes that a minimum of N

lower-case characters are required in a password when changed.

PASSWORD_MIN_DIGIT_CHARS=N Speciﬁes that a minimum of N digit charac-

ters are required in a password when changed.

PASSWORD_MIN_SPECIAL_CHARS=N Speciﬁes that a minimum of N special

characters are required in a password when changed.

Default value: The default for each of these attributes is zero.

PASSWORD_MAXDAYS

This attribute controls the default maximum number of days that passwords are

valid. This value, if speciﬁed, is used by the authentication subsystem during the

password change process in the case where aging restrictions do not already exist

for the given user. The value takes effect after the password change. This attribute

applies only to local users and does not apply to trusted systems. The passwd -x

option can be used to override this value for a speciﬁc user.

HP-UX 11i Version 3: September 2011 − 5 − Hewlett-Packard Company 5