Manualshelf

security.4 (2012 03)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages
12345678
s
security(4) security(4)
/var/adm/userdb
(described in userdb (4)).
LOGIN_TIMES=timeperiod An account is locked if the current time is not
within the specified time period. The timeperiod consists of any number of day and
time ranges separated by colons. A user is allowed to access the system when the
login time is within any of the specified ranges. The days are specified by the fol-
lowing abbreviations:
Su Mo Tu We Th Fr Sa Wk Any
Where Wk is all week days and Any
is any day of the week.
A time range can be included after the day specification. A time range is a 24-hour
time period, specified as hours and minutes separated by a hyphen. Each time
must be specified with 4 digits (HHMM-HHMM ). Leading zeros are required. This
time range indicates the start and end time for the specified days. The start time
must be less than the end time. When no time range is specified, all times within
the day(s) are valid.
If the current time is within the range of any of the time ranges specified for a user,
the user is allowed to access the system.
Do not use
0000-0000
as a time range to prevent user access. For example,
Any:Fr0000-0000 cannot be used to disallow access on Fridays. Instead,
SuMo-
TuWeThSa should be used. See the EXAMPLES section.
Default value:
LOGIN_TIMES=Any
Can login any day of the week.
LONG_PASSWORD
This attribute determines whether or not the length of a password can exceed 8
characters.
This attribute is valid only when the LongPassword11i3 product is installed and the
password hash algorithm is different from the traditional DES-based hash algo-
rithm, see CRYPT_DEFAULT.
LONG_PASSWORD=0 Passwords are limited to 8 characters.
LONG_PASSWORD=1 Passwords can have more than 8 characters.
Default value:
LONG_PASSWORD=0
MIN_PASSWORD_LENGTH
This attribute controls the minimum length of new passwords. On trusted systems
it applies to all users. On standard systems it applies to non-root local users and to
NIS users. On systems in standard or shadow mode, it applies to root if
PASSWORD_POLICY_STRICT=1
. The system-wide default defined here may be
overridden by defining per-user values in
/var/adm/userdb
(described in
userdb(4)).
MIN_PASSWORD_LENGTH=N New passwords must contain at least N charac-
ters. For standard systems, N can be any value from 3 to 8. For trusted systems, N
can be any value from 6 to 80.
Default value:
MIN_PASSWORD_LENGTH=6
NOLOGIN This attribute controls whether non-root login can be disabled by the
/etc/nologin file. Note that this attribute only applies to the applications that
use session management services provided by pam_hpsec as configured in
/etc/pam.conf, or those services that indirectly invoke login such as the
telnetd and rlogind commands. Other services may or may not choose to
enforce the /etc/nologin file.
NOLOGIN=0 Ignore the /etc/nologin file and do not exit if the
/etc/nologin file exists.
NOLOGIN=1 Display the contents of the /etc/nologin file and exit if the
/etc/nologin file exists.
Default value:
NOLOGIN=0
4 Hewlett-Packard Company 4 HP-UX 11i Version 3: March 2012