HP-UX Reference (11i v1 05/09) - 4 File Formats (vol 8)
s
security(4) security(4)
against the number of most recently used passwords stored in password history for a partic-
ular user. A user is not allowed to re-use a previously used password.
PASSWORD_HISTORY_DEPTH=
N A new password is checked against only the N most
recently used passwords for a particular user.
A configuration of password history depth of 2 prevents users from alternating between two
passwords. The maximum password history depth supported is 10 and the minimum pass-
word history depth supported is 1. A depth configuration of more than 10 will be treated as
10, and a depth configuration of less than 1 will be treated as 1.
The password history depth configuration is on a system basis and is supported in trusted
system for users in files repository only. This feature does not support the users in
NIS or
NISPLUS repositories. Once the feature is enabled, all the users on the system are subject
to the same check. If this parameter is not configured, the password history check feature
is automatically disabled. When the feature is disabled, the password history check depth
is set to 1.
A password change is subject to all of the other rules for a new password including a check
with the current password.
Default value: PASSWORD_HISTORY_DEPTH=1
PASSWORD_MIN_<type>_CHARS
Parameters of this form are used to require new passwords to have a minimum number of
characters of particular types (upper case, lower case, digits or special characters). This
can be helpful in enforcing site security policies about selecting passwords that are not easy
to guess.
Note: These parameters apply only if the libpam_unix patch PHCO_24606 or later is
installed.
PASSWORD_MIN_UPPER_CASE_CHARS=
N Specifies that a minimum of N upper-case
characters are required in a password when changed.
PASSWORD_MIN_LOWER_CASE_CHARS=
N Specifies that a minimum of N lower-case
characters are required in a password when changed.
PASSWORD_MIN_DIGIT_CHARS=
N Specifies that a minimum of N digit characters
are required in a password when changed.
PASSWORD_MIN_SPECIAL_CHARS=
N Specifies that a minimum of N special charac-
ters are required in a password when changed.
Default value: The default for each of these parameters is zero.
PASSWORD_MAXDAYS
If the ShadowPassword
bundle is installed, this parameter controls the default max-
imum number of days that passwords are valid. This parameter applies only to local users
and does not apply to trusted systems. The
passwd -x option can be used to override
this value for a specific user.
PASSWORD_MAXDAYS=N A new password is valid for up to N days, after which the
password must be changed.
Default value: PASSWORD_MAXDAYS=-1 password aging is turned off.
PASSWORD_MINDAYS
If the ShadowPassword bundle is installed, this parameter controls the default
minimum number of days before a password can be changed. This parameter applies only
to local users and does not apply to trusted systems. The passwd -n option can be used
to override this value for a specific user.
PASSWORD_MINDAYS=N A new password cannot be changed until at least N days
since it was last changed.
Default value:
PASSWORD_MINDAYS=0
PASSWORD_WARNDAYS
If the ShadowPassword bundle is installed, this parameter controls the default number
of days before password expiration that a user is to be warned that the password must be
changed. This parameter applies only to local users on Shadow Password systems. The
HP-UX 11i Version 1: September 2005 − 2 − Hewlett-Packard Company Section 4−−275