security.4 (2012 03)
s
security(4) security(4)
OVERRIDE_SYSDEF_PWAGE
This attribute applies to shadow mode only. During a password change it deter-
mines if password aging attributes max days, min days and warn days (described in
shadow(4)) are inherited from the /etc/default/security
values when no
password aging is specified in the shadow file. This attribute is applicable to local
users.
The system-wide default value defined for this attribute in
/etc/default/security
may be overridden by defining a per-user value in
/var/adm/userdb
(described in Userdb(4)).
OVERRIDE_SYSDEF_PWAGE=0
The password aging attributes defined in
/etc/default/security
are inheritable when a password is changed.
OVERRIDE_SYSDEF_PWAGE=1
The default password aging values in
/etc/default/security
are ignored.
Password aging attributes are read exclusively from the
/etc/shadow file during
a password change.
Default value:
OVERRIDE_SYSDEF_PWAGE=0
NUMBER_OF_LOGINS_ALLOWED
This attribute controls the number of simultaneous logins allowed per user. Note
that this is only enforced for non-root users and only applies to the applications that
use session management services provided by pam_hpsec as configured in
/etc/pam.conf, or those services that indirectly invoke login, such as the
telnetd and rlogind commands. The system-wide default defined here may be
overridden by defining a per-user value in /var/adm/userdb
(described in
userdb(4)).
NUMBER_OF_LOGINS_ALLOWED=0
Any number of logins are allowed per user.
NUMBER_OF_LOGINS_ALLOWED=
NNnumber of logins are allowed per user.
Default value:
NUMBER_OF_LOGINS_ALLOWED=0
PASSWORD_HISTORY_DEPTH
This attribute controls the password history depth. A new password is checked
against passwords stored in the user’s password history. This prevents the user
from re-using a recently used password.
This attribute applies to local, non-root users. On a system in standard or shadow
mode, it also applies to root if
PASSWORD_POLICY_STRICT=1
.
For a trusted system, the maximum password history depth is 10 and the minimum
is 1.
For a standard system, the maximum password history depth is 24 and the
minimum is 1. The system-wide default defined here may be overridden by defining
a per-user value in
/var/adm/userdb (described in userdb (4)).
PASSWORD_HISTORY_DEPTH=N A new password is checked against the N
most recently used passwords, including the current password. For example, a
password history depth of 2 prevents a user from alternating between two pass-
words.
Default value:
PASSWORD_HISTORY_DEPTH=1 Cannot re-use the current
password.
PASSWORD_MIN_type _CHARS
Attributes of this form are used to require new passwords to have a minimum
number of characters of particular types (upper case, lower case, digits or special
characters). This can be helpful in enforcing site security policies about selecting
passwords that are not easy to guess. This attribute applies to local, non-root users.
On a system in standard or shadow mode, it also applies to root if
PASSWORD_POLICY_STRICT=1. The system-wide default defined here may be
overridden by defining a per-user value in /var/adm/userdb (described in
userdb(4)).
HP-UX 11i Version 3: March 2012 − 5 − Hewlett-Packard Company 5