HP-UX Reference (11i v1 05/09) - 4 File Formats (vol 8)
security(4) security(4)
NAME
security - security defaults configuration file
DESCRIPTION
A number of system commands and features are configured based on certain parameters defined in the /etc/default/security configuration file. This file must be world readable and root writable.
Each line in the file is treated either as a comment or as configuration information for a given system command or feature. Comments are denoted by a # at the beginning of a line. Noncomment lines are of the form, parameter=value.
If any parameter is not defined or is commented out in this file, the default behavior detailed below will apply.
Parameter definitions, valid values, and defaults are defined as follows:
ABORT_LOGIN_ON_MISSING_HOMEDIR
This parameter controls login behavior if a user’s home directory does not exist. This is applicable only for non-root users.
ABORT_LOGIN_ON_MISSING_HOMEDIR=0 Login with '/' as the home directory if the user’s home directory does not exist.
ABORT_LOGIN_ON_MISSING_HOMEDIR=1 Exit the login session if the user’s home directory does not exist.
Default value: ABORT_LOGIN_ON_MISSING_HOMEDIR=0
BOOT_AUTH
If the BOOTAUTH11i bundle is installed, this parameter controls whether authentication
is required to boot the system into single user mode. If enabled, the system cannot be
booted into single user mode until the root password is provided. This parameter does not
apply to trusted systems.
BOOT_AUTH=0 Boot authentication is turned OFF.
BOOT_AUTH=1 Boot authentication is turned ON.
Default value: BOOT_AUTH=0
MIN_PASSWORD_LENGTH
This parameter controls the minimum length of new passwords. It is not applicable to the
root user on an untrusted system.
MIN_PASSWORD_LENGTH=N New passwords must contain at least N characters. For untrusted systems, N can be any value from 6 to 8. For trusted systems, N can be any value from 6 to 80.
Default value: MIN_PASSWORD_LENGTH=6
NOLOGIN
This parameter controls whether non-root login can be disabled by the /etc/nologin
file.
NOLOGIN=0 Ignore the /etc/nologin file and do not exit if the /etc/nologin
file exists.
NOLOGIN=1 Display the contents of the /etc/nologin file and exit if the
/etc/nologin file exists.
Default value: NOLOGIN=0
NUMBER_OF_LOGINS_ALLOWED
This parameter controls the number of simultaneous logins allowed per user. This is applicable only for non-root users.
NUMBER_OF_LOGINS_ALLOWED=0 Any number of logins are allowed per user.
NUMBER_OF_LOGINS_ALLOWED=N N number of logins are allowed per user.
Default value: NUMBER_OF_LOGINS_ALLOWED=0
PASSWORD_HISTORY_DEPTH
This parameter controls the password history depth. A new password is checked only
Section 4−−274 Hewlett-Packard Company − 1 − HP-UX 11i Version 1: September 2005
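EXAMPLE (added; not part of the HP-UX manual or any HP tool)
The following sketch audits the text of /etc/default/security against the format, defaults and value ranges given above for the five fully described parameters. The function names, the sample text, and the extra check for group or other write permission are assumptions of this example.

```python
import stat

# Defaults documented on this page; parameters defined elsewhere are ignored.
DEFAULTS = dict(ABORT_LOGIN_ON_MISSING_HOMEDIR=0, BOOT_AUTH=0, NOLOGIN=0,
                MIN_PASSWORD_LENGTH=6, NUMBER_OF_LOGINS_ALLOWED=0)
ON_OFF = {"ABORT_LOGIN_ON_MISSING_HOMEDIR", "BOOT_AUTH", "NOLOGIN"}


def parse_security(text, trusted=False):
    """Return (settings, problems); bad values keep the default (assumption)."""
    settings, problems = dict(DEFAULTS), []
    max_len = 80 if trusted else 8  # documented range: 6-8, or 6-80 if trusted
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank, or a comment ('#' at the beginning of the line)
        name, sep, value = (p.strip() for p in line.partition("="))
        if not sep:
            problems.append(f"line {n}: not of the form parameter=value")
            continue
        if name not in DEFAULTS:
            continue  # not one of the parameters this example covers
        if not (value.isascii() and value.isdigit()):
            problems.append(f"line {n}: {name} needs a numeric value")
        elif name in ON_OFF and value not in ("0", "1"):
            problems.append(f"line {n}: {name} must be 0 or 1")
        elif name == "MIN_PASSWORD_LENGTH" and not 6 <= int(value) <= max_len:
            problems.append(f"line {n}: {name} must be 6..{max_len}")
        else:
            settings[name] = int(value)
    return settings, problems


def mode_problems(st_mode, st_uid):
    """Check 'world readable and root writable' from os.stat() fields."""
    problems = []
    if st_uid != 0 or not st_mode & stat.S_IWUSR:
        problems.append("file is not owned by and writable by root")
    if not st_mode & stat.S_IROTH:
        problems.append("file is not world readable")
    if st_mode & (stat.S_IWGRP | stat.S_IWOTH):  # assumption: only root writes
        problems.append("file is writable by group or other")
    return problems


SAMPLE = ("# constructed sample, not from a real system\nBOOT_AUTH=1\n"
          "MIN_PASSWORD_LENGTH=12\n#NOLOGIN=1\nNUMBER_OF_LOGINS_ALLOWED=2\n")

if __name__ == "__main__":
    print(parse_security(SAMPLE), mode_problems(0o100644, 0))
```

On a live system, pass the st_mode and st_uid fields of os.stat("/etc/default/security") to mode_problems() and the file's contents to parse_security().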