HP-UX Reference (11i v2 04/09) - 4 File Formats (vol 8)
security(4) security(4)
NAME
security - security defaults configuration file
DESCRIPTION
A number of system commands and features are configured based on certain parameters defined in the
/etc/default/security configuration file. This file must be world readable and root writable.
Each line in the file is treated either as a comment or as configuration information for a given system
command or feature. Comments are denoted by a # at the beginning of a line. Noncomment lines are of
the form parameter=value.
If any parameter is not defined or is commented out in this file, the default behavior detailed below will
apply.
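The file format and default fallback described above, as an added example that is not part of the HP-UX manual page: an sh and awk script that audits a copy of the file, resolving each parameter to its effective value and flagging malformed lines and out-of-range values. It covers only the four parameters whose defaults this page gives; the function names, the last-definition-wins rule, the tolerance of blank lines, the check for group/other write bits, and the availability of mktemp are assumptions of the example.

```shell
#!/bin/sh
# Added example: offline audit of a copy of /etc/default/security.
# Defaults and ranges are the ones documented on this page.

# Effective value of parameter $2 in file $1. Assumption: the last
# uncommented definition wins; otherwise the documented default applies.
sec_get() {
    awk -v p="$2" '
        BEGIN { d["ABORT_LOGIN_ON_MISSING_HOMEDIR"] = "0"; d["BOOT_AUTH"] = "0"
                d["BOOT_USERS"] = "root"; d["MIN_PASSWORD_LENGTH"] = "6"; v = d[p] }
        index($0, p "=") == 1 { v = substr($0, length(p) + 2) }
        END { print v }' "$1"
}

# One finding per line; no output means nothing was flagged.
# $2 = trusted|untrusted selects the MIN_PASSWORD_LENGTH upper bound.
sec_lint() {
    case "$2" in trusted) max=80 ;; *) max=8 ;; esac
    awk -v max="$max" '
        /^#/ || /^$/ { next }   # comments; blank lines tolerated (assumption)
        !/^[A-Z][A-Z0-9_]*=/ { print NR ": not a comment or parameter=value"; next }
        { p = $0; sub(/[=].*/, "", p); v = substr($0, length(p) + 2) }
        (p == "BOOT_AUTH" || p == "ABORT_LOGIN_ON_MISSING_HOMEDIR") && v !~ /^[01]$/ {
            print NR ": " p " must be 0 or 1" }
        p == "MIN_PASSWORD_LENGTH" && (v !~ /^[0-9]+$/ || v + 0 < 6 || v + 0 > max + 0) {
            print NR ": " p " must be 6.." max }
        p == "BOOT_USERS" && v !~ /^[^,]+(,[^,]+)*$/ {
            print NR ": BOOT_USERS must be comma-separated names" }
    ' "$1"
}

# "World readable and root writable", read from ls -l output. Flagging
# group/other write is a stricter reading added here (assumption).
sec_perms() {
    ls -ld "$1" | awk '{
        if ($3 != "root") print "owner is " $3 ", expected root"
        if (substr($1, 8, 1) != "r") print "not world readable"
        if (substr($1, 6, 1) == "w" || substr($1, 9, 1) == "w") print "writable by non-owner"
    }'
}

# Constructed sample, not taken from a real system.
sample=$(mktemp) && trap 'rm -f "$sample"' EXIT
printf '%s\n' '# constructed sample' 'BOOT_AUTH=1' 'BOOT_USERS=mary,jack' \
    'MIN_PASSWORD_LENGTH=12' '#ABORT_LOGIN_ON_MISSING_HOMEDIR=1' 'NOLOGIN 1' > "$sample"
chmod 666 "$sample"
for p in ABORT_LOGIN_ON_MISSING_HOMEDIR BOOT_AUTH BOOT_USERS MIN_PASSWORD_LENGTH; do
    echo "$p=$(sec_get "$sample" "$p")"
done
sec_lint "$sample" untrusted; sec_perms "$sample"
```

Passing trusted as the second argument to sec_lint accepts MIN_PASSWORD_LENGTH values up to 80, so the same file can pass on a trusted system and fail on an untrusted one.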
Parameter definitions, valid values, and defaults are defined as follows:
ABORT_LOGIN_ON_MISSING_HOMEDIR
This parameter controls login behavior if a user’s home directory does not exist. Note that this
is only enforced for non-root users and only applies to the login(1) command or those services
that indirectly invoke login(1) such as the telnetd(1M) and rlogind(1M) commands.
ABORT_LOGIN_ON_MISSING_HOMEDIR=0
Login with ’/’ as the home directory if the user’s home directory does not exist.
ABORT_LOGIN_ON_MISSING_HOMEDIR=1
Exit the login session if the user’s home directory does not exist.
Default value:
ABORT_LOGIN_ON_MISSING_HOMEDIR=0
BOOT_AUTH
This parameter controls whether authentication is required to boot the system into single user
mode. If enabled, the system cannot be booted into single user mode until the password of an
authorized user is provided. This parameter does not apply to trusted systems. However, if
boot authentication is enabled on a standard system, then when the system is converted to a
trusted system, boot authentication will also be enabled as default for the trusted system.
BOOT_AUTH=0
Boot authentication is turned OFF.
BOOT_AUTH=1
Boot authentication is turned ON.
Default value:
BOOT_AUTH=0
BOOT_USERS
This parameter defines the names of users who are authorized to boot the system into single
user mode from the console. Names are separated by a comma (,). It only takes effect when
boot authentication is enabled. Refer to the description of the BOOT_AUTH parameter. The
BOOT_USERS parameter does not apply to trusted systems. However, when a standard system
is converted to a trusted system, this information is translated.
BOOT_USERS=mary,jack
Other than the root user, user mary or jack can also boot the system into single user
mode from the console.
Default value:
BOOT_USERS=root
MIN_PASSWORD_LENGTH
This parameter controls the minimum length of new passwords. It is not applicable to the root
user on an untrusted system.
MIN_PASSWORD_LENGTH=N
New passwords must contain at least N characters. For untrusted systems, N can be any
value from 6 to 8. For trusted systems, N can be any value from 6 to 80.
Default value:
MIN_PASSWORD_LENGTH=6
NOLOGIN
This parameter controls whether non-root login can be disabled by the /etc/nologin file.
Note that this parameter only applies to the applications that use session management services
provided by pam_hpsec(5) as configured in /etc/pam.conf, or those services that
indirectly invoke login(1) such as the telnetd(1M) and rlogind(1M) commands. Other services
may or may not choose to enforce the /etc/nologin file.
HP-UX 11i Version 2: September 2004 − 1 − Hewlett-Packard Company Section 4−−291