security.4 (2012 03)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

security(4) security(4)

PASSWORD_MIN_UPPER_CASE_CHARS=

N Speciﬁes that a minimum of N

upper-case characters are required in a password when changed.

PASSWORD_MIN_LOWER_CASE_CHARS=

N Speciﬁes that a minimum of N

lower-case characters are required in a password when changed.

PASSWORD_MIN_DIGIT_CHARS=

N Speciﬁes that a minimum of N digit charac-

ters are required in a password when changed.

PASSWORD_MIN_SPECIAL_CHARS=

N Speciﬁes that a minimum of N special

characters are required in a password when changed.

Default value: The default for each of these attributes is zero.

PASSWORD_MAXDAYS

This attribute controls the default maximum number of days that passwords are

valid. This value, if speciﬁed, is used by the authentication subsystem during the

password change process in the case where aging restrictions do not already exist

for the given user. The value takes effect after the password change. This attribute

applies only to local users and does not apply to trusted systems. The

passwd -x

option can be used to override this value for a speciﬁc user.

PASSWORD_MAXDAYS=

N A new password is valid for up to N days, after which

the password must be changed. N can be an integer from -1 to 441.

Default value:

PASSWORD_MAXDAYS=-1

password aging is turned off.

PASSWORD_MINDAYS

This attribute controls the default minimum number of days before a password can

be changed. This value is used by the authentication subsystem during the pass-

word change process in the case where aging restrictions do not already exist for the

user. The value is stored persistently and takes effect after the password change.

This attribute applies only to local users and does not apply to trusted systems. The

passwd -n option can be used to override this value for a speciﬁc user.

PASSWORD_MINDAYS=

N A new password cannot be changed until at least N

days since it was last changed. N can be an integer from 0 to 441.

Default value:

PASSWORD_MINDAYS=0

PASSWORD_POLICY_STRICT

This attribute imposes restrictions when root is changing passwords. These restric-

tions already apply to normal users.

PASSWORD_POLICY_STRICT=0

User root is not subject to restrictions when

changing passwords.

PASSWORD_POLICY_STRICT=1

When user root changes a password, restric-

tions are imposed as follows.

The next two restrictions apply to root only when changing root’s own password.

They do not apply when root is changing the password of a normal user.

• Prompt and require root to input the old password.

• Enforce minimal difference between old and new password.

All of the remaining restrictions apply to root changing any password, either root’s

own password or the password for a different user.

• Enforce

PASSWORD_MINDAYS.

• Enforce conﬁgurable minimal password length,

MIN_PASSWORD_LENGTH.

• Enforce conﬁgurable password quality as deﬁned by the attributes

PASSWORD_MIN_UPPER_CASE_CHARS,

PASSWORD_MIN_LOWER_CASE_CHARS, PASSWORD_MIN_DIGIT_CHARS,

PASSWORD_MIN_SPECIAL_CHARS.

• Enforce the hardwired minimal password quality (at least 2 alpha and 1 non-

alpha characters).

• Enforce

PASSWORD_HISTORY_DEPTH.

6 Hewlett-Packard Company − 6 − HP-UX 11i Version 3: March 2012