HP-UX Reference (11i v2 03/08) - 4 File Formats (vol 8)
security(4) security(4)
NAME
security - security defaults configuration file
DESCRIPTION
A number of system commands and features are configured based on certain parameters defined in the
/etc/default/security configuration file. This file must be world readable and root writable.
Each line in the file is treated either as a comment or as configuration information for a given system
command or feature. Comments are denoted by a # at the beginning of a line. Noncomment lines are of
the form parameter=value.
If any parameter is not defined or is commented out in this file, the default behavior detailed below will
apply.
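
The following is an added example, not HP-UX code: a POSIX shell function that reads a file in this format on standard input, applies the defaults this page gives for four of the parameters described below, and flags values outside the documented ranges. The function names and the WARN/NOTE output format are hypothetical, and it assumes that the last definition of a repeated parameter wins, which the page does not state.

```shell
#!/bin/sh
# Added example, not HP-UX code. Reads a security(4)-format file on stdin.
# Assumption: when a parameter is repeated, the last definition wins.

check_flag() {   # NAME VALUE: warn unless VALUE is 0 or 1
    case $2 in
        0|1) ;;
        *) echo "WARN $1=$2 is not 0 or 1" ;;
    esac
}

audit_security_defaults() {
    # Page defaults, used when a parameter is undefined or commented out.
    _home=0 _auth=0 _users=root _min=6
    while IFS= read -r _line || [ -n "$_line" ]; do
        case $_line in
            '#'*) ;;   # comment: '#' at the beginning of the line
            ABORT_LOGIN_ON_MISSING_HOMEDIR=*) _home=${_line#*=} ;;
            BOOT_AUTH=*)           _auth=${_line#*=} ;;
            BOOT_USERS=*)          _users=${_line#*=} ;;
            MIN_PASSWORD_LENGTH=*) _min=${_line#*=} ;;
        esac
    done
    echo "ABORT_LOGIN_ON_MISSING_HOMEDIR=$_home"
    echo "BOOT_AUTH=$_auth"
    echo "BOOT_USERS=$_users"
    echo "MIN_PASSWORD_LENGTH=$_min"
    check_flag ABORT_LOGIN_ON_MISSING_HOMEDIR "$_home"
    check_flag BOOT_AUTH "$_auth"
    # BOOT_USERS only takes effect when boot authentication is enabled.
    [ "$_auth" = 1 ] || [ "$_users" = root ] ||
        echo "NOTE BOOT_USERS has no effect while BOOT_AUTH is off"
    case $_min in
        ''|*[!0-9]*) echo "WARN MIN_PASSWORD_LENGTH=$_min is not a number" ;;
        *)  if [ "$_min" -lt 6 ] || [ "$_min" -gt 80 ]; then
                echo "WARN MIN_PASSWORD_LENGTH=$_min is outside 6..80"
            elif [ "$_min" -gt 8 ]; then
                echo "NOTE MIN_PASSWORD_LENGTH=$_min needs a trusted system"
            fi ;;
    esac
}

# Constructed sample input, not taken from a real system.
audit_security_defaults <<'EOF'
# constructed sample
BOOT_USERS=mary,jack
#BOOT_AUTH=1
MIN_PASSWORD_LENGTH=12
EOF
```

On a live system the same function is run as audit_security_defaults < /etc/default/security.
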
Parameter definitions, valid values, and defaults are defined as follows:
ABORT_LOGIN_ON_MISSING_HOMEDIR
This parameter controls login behavior if a user’s home directory does not exist. Note
that this is only enforced for non-root users and only applies to the login(1) command or
those services that indirectly invoke login(1) such as the telnetd(1M) and rlogind(1M)
commands.
ABORT_LOGIN_ON_MISSING_HOMEDIR=0 Login with ’/’ as the home directory if the user’s home directory does not exist.
ABORT_LOGIN_ON_MISSING_HOMEDIR=1 Exit the login session if the user’s home directory does not exist.
Default value:
ABORT_LOGIN_ON_MISSING_HOMEDIR=0
BOOT_AUTH
This parameter controls whether authentication is required to boot the system into single
user mode. If enabled, the system cannot be booted into single user mode until the password
of an authorized user is provided. This parameter does not apply to trusted systems.
However, if boot authentication is enabled on a standard system, then when the
system is converted to a trusted system, boot authentication will also be enabled as
default for the trusted system.
BOOT_AUTH=0 Boot authentication is turned OFF.
BOOT_AUTH=1 Boot authentication is turned ON.
Default value:
BOOT_AUTH=0
BOOT_USERS
This parameter defines the names of users who are authorized to boot the system into
single user mode from the console. Names are separated by a comma (,). It only takes
effect when boot authentication is enabled. Refer to the description of the BOOT_AUTH
parameter. The BOOT_USERS parameter does not apply to trusted systems. However,
when a standard system is converted to a trusted system, this information is translated.
BOOT_USERS=mary,jack
Other than the root user, user mary or jack can also boot the system into single user
mode from the console.
Default value:
BOOT_USERS=root
MIN_PASSWORD_LENGTH
This parameter controls the minimum length of new passwords. It is not applicable to
the root user on an untrusted system.
MIN_PASSWORD_LENGTH=N New passwords must contain at least N characters. For
untrusted systems, N can be any value from 6 to 8. For trusted systems, N can be any
value from 6 to 80.
Default value:
MIN_PASSWORD_LENGTH=6
NOLOGIN
This parameter controls whether non-root login can be disabled by the /etc/nologin
file. Note that this parameter only applies to the login(1) command or those services that
indirectly invoke login(1) such as the telnetd(1M) and rlogind(1M) commands. Other
services may or may not choose to enforce the /etc/nologin file.
Section 4−−278 Hewlett-Packard Company − 1 − HP-UX 11i Version 2: August 2003