HP-UX Reference (11i v2 07/12) - 4 File Formats (vol 8)
s
security(4) security(4)
MIN_PASSWORD_LENGTH
This attribute controls the minimum length of new passwords. It applies to trusted sys-
tems and to non-root users on standards systems. This attribute applies only to non-root
local users. If the TrustedMigration product is installed, the system-wide default defined
here may be overridden by defining per-user values in
/var/adm/userdb
(described in
userdb(4)).
MIN_PASSWORD_LENGTH=
N New passwords must contain at least N characters. For
untrusted systems, N can be any value from 6 to 8. For trusted systems, N can be any
value from 6 to 80.
Default value:
MIN_PASSWORD_LENGTH=6
NOLOGIN
This attribute controls whether non-root login can be disabled by the
/etc/nologin file.
Note that this attribute only applies to the applications that use session management ser-
vices provided by
pam_hpsec as configured in
/etc/pam.conf, or those services that
indirectly invoke
login such as the telnetd and
rlogind commands. Other services
may or may not choose to enforce the
/etc/nologin file.
NOLOGIN=0 Ignore the /etc/nologin file and do not exit if the /etc/nologin
file exists.
NOLOGIN=1 Display the contents of the /etc/nologin file and exit if the
/etc/nologin file exists.
Default value: NOLOGIN=0
NUMBER_OF_LOGINS_ALLOWED
This attribute controls the number of simultaneous logins allowed per user. Note that this
is only enforced for non-root users and only applies to the applications that use session
management services provided by pam_hpsec as configured in /etc/pam.conf
,or
those services that indirectly invoke
login, such as the telnetd and rlogind com-
mands. If the TrustedMigration product is installed, the system-wide default defined here
may be overridden by defining a per-user value in /var/adm/userdb
(described in
userdb(4)).
NUMBER_OF_LOGINS_ALLOWED=0
Any number of logins are allowed per user.
NUMBER_OF_LOGINS_ALLOWED=
NNnumber of logins are allowed per user.
Default value:
NUMBER_OF_LOGINS_ALLOWED=0
PASSWORD_HISTORY_DEPTH
This attribute controls the password history depth. A new password is checked against
passwords stored in the user’s password history. This prevents the user from re-using a
recently used password. This attribute applies only to local users.
For a trusted system, the maximum password history depth is 10 and the minimum is 1.
For a standard system, this feature applies only if the TrustedMigration product has been
installed. The maximum password history depth is 24 and the minimum is 1. The system-
wide default defined here may be overridden by defining a per-user value in
/var/adm/userdb (described in userdb(4)).
PASSWORD_HISTORY_DEPTH=N A new password is checked against the N most
recently used passwords, including the current password. For example, a password history
depth of 2 prevents a user from alternating between two passwords.
Default value:
PASSWORD_HISTORY_DEPTH=1 Cannot re-use the current password.
PASSWORD_MIN_ type_CHARS
Attributes of this form are used to require new passwords to have a minimum number of
characters of particular types (upper case, lower case, digits or special characters). This
can be helpful in enforcing site security policies about selecting passwords that are not easy
to guess. This attribute applies only to non-root local users. If the TrustedMigration pro-
duct is installed, the system-wide default defined here may be overridden by defining a
per-user value in /var/adm/userdb (described in userdb(4)).
PASSWORD_MIN_UPPER_CASE_CHARS=N Specifies that a minimum of N upper-case
characters are required in a password when changed.
HP-UX 11i Version 2: December 2007 Update − 4 − Hewlett-Packard Company 349