HP-UX Reference (11i v2 03/08) - 1 User Commands N-Z (vol 2)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

121

122

123

124

125

126

127

128

129

130

passwd(1) passwd(1)

forced to change the password before using the account.

The

-n min and -x max arguments are each represented in units of days. These arguments are

rounded up to the nearest week on a standard system. If only one of the two arguments is supplied and

the other argument does not exist, then the number of days is set to zero.

Default values may be set in the

/etc/default/security

ﬁle for the -n min, -x max, and -w

warn options. See security (4). The parameters to select password aging defaults are:

PASSWORD_MINDAYS

PASSWORD_MAXDAYS

PASSWORD_WARNDAYS

Password Construction Requirements

Passwords must be constructed to meet the following requirements:

• On an untrusted system, only the ﬁrst eight characters of a password are signiﬁcant.

• On an untrusted system, passwords of non-root users must have at least six characters. On a

trusted system, passwords of all users must have at least six characters. This restriction on the

password length can be increased to a value larger than six. Refer to the security (4) manual page

for detailed information on conﬁgurable parameters that affect the behavior of this command. The

parameter to select the minimum password length is

MIN_PASSWORD_LENGTH

• Characters must be from the 7-bit US-ASCII character set; letters from the English alphabet.

• A password must contain at least two letters and at least one numeric or special character.

• A password must differ from the user’s login name and any reverse or circular shift of that login

name. For comparison purposes, an uppercase letter and its corresponding lowercase equivalent

are treated as identical.

• A new password must differ from the old one by at least three characters (one character for non

super user if changed by the super user in a trusted system).

Repository Conﬁguration

The

/etc/nsswitch.conf

ﬁle speciﬁes the repositories for which the password must be modiﬁed.

The following conﬁgurations are supported:

• passwd: ﬁles

• passwd: ﬁles nisplus

• passwd: ﬁles nis

• passwd: compat (--> ﬁles nis)

• passwd: compat (--> ﬁles nisplus)

• passwd_compat: nisplus

Smart Card Login

If the user account is conﬁgured to use a Smart Card, the user password is stored in the card. This pass-

word has characteristics identical to a normal password stored on the system.

The Smart Card must be inserted into the Smart Card reader. The user is prompted for a PIN instead of

a password during authentication.

Enter PIN:

The password is retrieved automatically from the Smart Card when a valid PIN is entered. Therefore, it

is not necessary to know the password, only the PIN.

If the system retrieves a valid old password from the card, a new password is requested (twice). If the

new password meets all requirements, the system automatically overwrites the old password stored on

the card with the new password.

Therefore, the new dialog resembles:

Enter PIN:

New password:

Re-enter new password:

HP-UX 11i Version 2: August 2003 − 3 − Hewlett-Packard Company Section 1−−667