HP-UX Reference (11i v2 07/12) - 4 File Formats (vol 8)
s
security(4) security(4)
PASSWORD_MIN_LOWER_CASE_CHARS=
N Specifies that a minimum of N lower-case
characters are required in a password when changed.
PASSWORD_MIN_DIGIT_CHARS=
N Specifies that a minimum of N digit characters
are required in a password when changed.
PASSWORD_MIN_SPECIAL_CHARS=
N Specifies that a minimum of N special charac-
ters are required in a password when changed.
Default value: The default for each of these attributes is zero.
PASSWORD_MAXDAYS
This attribute controls the default maximum number of days that passwords are valid.
This value, if specified, is used by the authentication subsystem during the password
change process in the case where aging restrictions do not already exist for the given user.
The value takes effect after the password change. This attribute applies only to local users
and does not apply to trusted systems. The
passwd -x option can be used to override
this value for a specific user.
PASSWORD_MAXDAYS=
N A new password is valid for up to N days, after which the
password must be changed. N can be an integer from -1 to 441.
Default value:
PASSWORD_MAXDAYS=-1
password aging is turned off.
PASSWORD_MINDAYS
This attribute controls the default minimum number of days before a password can be
changed. This value is used by the authentication subsystem during the password change
process in the case where aging restrictions do not already exist for the user. The value is
stored persistently and takes effect after the password change. This attribute applies only
to local users and does not apply to trusted systems. The passwd -n option can be used
to override this value for a specific user.
PASSWORD_MINDAYS=
N A new password cannot be changed until at least N days
since it was last changed. N can be an integer from 0 to 441.
Default value:
PASSWORD_MINDAYS=0
PASSWORD_WARNDAYS
This attribute controls the default number of days before password expiration that a user is
to be warned that the password must be changed. This value, if specified, is used by the
authentication subsystem during the password change process in the case where aging res-
trictions do not already exist for the given user. The value takes effect after the password
change. This attribute applies only to local users on shadow password systems. The
passwd -w option can be used to override this value for a specific user.
PASSWORD_WARNDAYS=
N Users are warned N days before their password expires. N
can be an integer from 0 to 441.
Default value:
PASSWORD_WARNDAYS=0
(no warning)
SU_DEFAULT_PATH
This attribute defines a new default PATH environment value to be set when su
to a non-
superuser account is done. Refer to su(1).
SU_DEFAULT_PATH=new_PATH
The PATH environment variable is set to new_PATH when the su command is invoked.
The path value is not validated. This attribute does not apply to a superuser account, and
is applicable only when the "-" option is not used with the su command.
Default value: If this attribute is not defined or if it is commented out, PATH is not
changed.
SU_KEEP_ENV_VARS
This attribute forces su to propagate certain ’unsafe’ environment variables to its child pro-
cess despite the security risk of doing so. Refer to su(1).
By default, su does not export the environment variables HOME, ENV, IFS, SHLIB_PATH
or LD_* because they could be maliciously misused. Any combination of these can be
specified in this entry, with a comma separating the variables. Currently, no other
environment variables may be specified in this way. This may change in future HP-UX
350 Hewlett-Packard Company − 5 − HP-UX 11i Version 2: December 2007 Update