HP-UX Reference (11i v2 07/12) - 4 File Formats (vol 8)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

341

342

343

344

345

346

347

348

349

350

security(4) security(4)

AUTH_MAXTRIES=0

Any number of authentication retries is allowed.

AUTH_MAXTRIES=

N An account is locked after N+1 consecutive authentication

failures. N can be any positive integer.

Default value:

AUTH_MAXTRIES=0

BOOT_AUTH

This attribute controls whether authentication is required to boot the system into single

user mode. If enabled, the system cannot be booted into single user mode until the pass-

word of an authorized user is provided. This attribute does not apply to trusted systems.

However, if boot authentication is enabled on a standard system, then when the system is

converted to a trusted system, boot authentication will also be enabled as default for the

trusted system.

BOOT_AUTH=0 Boot authentication is turned OFF.

BOOT_AUTH=1 Boot authentication is turned ON.

Default value: BOOT_AUTH=0

BOOT_USERS

This attribute deﬁnes the names of users who are authorized to boot the system into single

user mode from the console. Names are separated by a comma (,). It only takes effect

when boot authentication is enabled. Refer to the description of the

BOOT_AUTH attri-

bute. The

BOOT_USERS attribute does not apply to trusted systems. However, when a

standard system is converted to a trusted system, this information is translated.

For example:

BOOT_USERS=mary,jack

Other than the root user, user mary or jack can also boot the system into single user

mode from the console.

Default value: BOOT_USERS=root

CRYPT_ALGORITHMS_DEPRECATE

This attribute lists the password hash algorithms that must be deprecated when a user’s

password is changed.

This attribute is only valid when the SHA product is installed.

CRYPT_DEFAULT

This attribute speciﬁes the default password hash algorithm. It is used when a new user

password is created, and either the user did not have a password before or the old password

was hashed with a deprecated algorithm (listed in CRYPT_ALGORITHMS_DEPRECATE

The value of

CRYPT_DEFAULT should not be present in

CRYPT_ALGORITHMS_DEPRECATE

This attribute is only valid when the SHA product is installed.

CRYPT_DEFAULT=__unix__

The default hash algorithm is the traditional DES-

based algorithm. Refer to crypt(3C) for more information.

CRYPT_DEFAULT=6 The default hash algorithm is method 6, a newer hash algorithm

based on SHA-512.

For example:

CRYPT_ALGORITHMS_DEPRECATE=__unix__

CRYPT_DEFAULT=6

If a user’s password is created for the ﬁrst time, it is hashed using method 6.Orifauser’s

old password was hashed using __unix__, the new password is hashed using method 6.

Default value: CRYPT_DEFAULT=__unix__

DISPLAY_LAST_LOGIN

This attribute controls whether a successful login displays the date, time and origin of the

last successful login and the last authentication failure. Times are displayed using the

system’s time zone. See the discussion of time zones in the Notes section. This attribute

does not apply to trusted systems, and it applies to standard systems only if the

HP-UX 11i Version 2: December 2007 Update − 2 − Hewlett-Packard Company 347