HP-UX Reference (11i v1 05/09) - 1 User Commands N-Z (vol 2)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

131

132

133

134

135

136

137

138

139

140

passwd(1) passwd(1)

A password is no longer usable after a time period known as the password lifetime. After the lifetime

passes, the account is locked until it is re-enabled by a system administrator. Once unlocked, the user is

forced to change the password before using the account.

The

-n min and -x max arguments are each represented in units of days. These arguments are

rounded up to the nearest week on a standard system. If only one of the two arguments is supplied and the

other argument does not exist, then the number of days is set to zero.

If the ShadowPassword

bundle has been installed, then default values may be set in the

/etc/default/security

ﬁle for the

-n min, -x max, and -w warn options. See security(4).

The parameters to select password aging defaults are:

PASSWORD_MINDAYS

PASSWORD_MAXDAYS

PASSWORD_WARNDAYS

Password Construction Requirements

Passwords must be constructed to meet the following requirements:

• On an untrusted system, only the ﬁrst eight characters of a password are signiﬁcant.

• On an untrusted system, passwords of non-root users must have at least six characters. On a trusted

system, passwords of all users must have at least six characters. This restriction on the password

length can be increased to a value larger than six. Refer to the security(4) manual page for detailed

information on conﬁgurable parameters that affect the behavior of this command. The parameter to

select the minimum password length is

MIN_PASSWORD_LENGTH

• Characters must be from the 7-bit US-ASCII character set; letters from the English alphabet.

• A password must contain at least two letters and at least one numeric or special character.

• A password must differ from the user’s login name and any reverse or circular shift of that login

name. For comparison purposes, an uppercase letter and its corresponding lowercase equivalent are

treated as identical.

• A new password must differ from the old one by at least three characters (one character for non super

user if changed by the super user in a trusted system).

Repository Conﬁguration

The

/etc/nsswitch.conf

ﬁle speciﬁes the repositories for which the password must be modiﬁed. The

following conﬁgurations are supported:

• passwd: ﬁles

• passwd: ﬁles nisplus

• passwd: ﬁles nis

• passwd: compat (--> ﬁles nis)

• passwd: compat (--> ﬁles nisplus)

• passwd_compat: nisplus

Smart Card Login

If the user account is conﬁgured to use a Smart Card, the user password is stored in the card. This pass-

word has characteristics identical to a normal password stored on the system.

The Smart Card must be inserted into the Smart Card reader. The user is prompted for a PIN instead of a

password during authentication.

Enter PIN:

The password is retrieved automatically from the Smart Card when a valid PIN is entered. Therefore, it is

not necessary to know the password, only the PIN.

If the system retrieves a valid old password from the card, a new password is requested (twice). If the new

password meets all requirements, the system automatically overwrites the old password stored on the card

with the new password.

HP-UX 11i Version 1: September 2005 − 3 − Hewlett-Packard Company Section 1−−687