security.4 (2011 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

security(4) security(4)

PASSWORD_MAXDAYS=

N A new password is valid for up to N days, after which

the password must be changed. N can be an integer from -1 to 441.

Default value:

PASSWORD_MAXDAYS=-1

password aging is turned off.

PASSWORD_MINDAYS

This attribute controls the default minimum number of days before a password can

be changed. This value is used by the authentication subsystem during the pass-

word change process in the case where aging restrictions do not already exist for the

user. The value is stored persistently and takes effect after the password change.

This attribute applies only to local users and does not apply to trusted systems. The

passwd -n option can be used to override this value for a speciﬁc user.

PASSWORD_MINDAYS=

N A new password cannot be changed until at least N

days since it was last changed. N can be an integer from 0 to 441.

Default value:

PASSWORD_MINDAYS=0

PASSWORD_POLICY_STRICT

This attribute imposes restrictions when root is changing passwords. These restric-

tions already apply to normal users.

PASSWORD_POLICY_STRICT=0

User root is not subject to restrictions when

changing passwords.

PASSWORD_POLICY_STRICT=1

When user root changes a password, restric-

tions are imposed as follows.

The next two restrictions apply to root only when changing root’s own password.

They do not apply when root is changing the password of a normal user.

• Prompt and require root to input the old password.

• Enforce minimal difference between old and new password.

All of the remaining restrictions apply to root changing any password, either root’s

own password or the password for a different user.

• Enforce

PASSWORD_MINDAYS

• Enforce conﬁgurable minimal password length,

MIN_PASSWORD_LENGTH

• Enforce conﬁgurable password quality as deﬁned by the attributes

PASSWORD_MIN_UPPER_CASE_CHARS

PASSWORD_MIN_LOWER_CASE_CHARS

, PASSWORD_MIN_DIGIT_CHARS

PASSWORD_MIN_SPECIAL_CHARS

• Enforce the hardwired minimal password quality (at least 2 alpha and 1 non-

alpha characters).

• Enforce

PASSWORD_HISTORY_DEPTH.

The

PASSWORD_POLICY_STRICT attribute is only valid if the libpam_unix

patch PHCO_40838 or later is installed.

Default value:

PASSWORD_POLICY_STRICT=0

PASSWORD_WARNDAYS

This attribute controls the default number of days before password expiration that a

user is to be warned that the password must be changed. This value, if speciﬁed, is

used by the authentication subsystem during the password change process in the

case where aging restrictions do not already exist for the given user. The value

takes effect after the password change. This attribute applies only to local users on

shadow password systems. The passwd -w option can be used to override this

value for a speciﬁc user.

PASSWORD_WARNDAYS=N Users are warned N days before their password

expires. N can be an integer from 0 to 441.

Default value:

PASSWORD_WARNDAYS=0 (no warning)

SU_DEFAULT_PATH

This attribute deﬁnes a new default PATH environment value to be set when su to a

non-superuser account is done. Refer to su(1).

6 Hewlett-Packard Company − 6 − HP-UX 11i Version 3: September 2011