HP-UX Reference (11i v3 07/02) - 1 User Commands N-Z (vol 2)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

passwd(1) passwd(1)

PASSWORD_WARNDAYS

Password Construction Requirements

Passwords must be constructed to meet the following requirements:

• On a standard system, only the ﬁrst eight characters of a password are signiﬁcant.

• The default minimum password length is six characters for non-root users on a standard system and

for all users on a trusted system. See the description of the

MIN_PASSWORD_LENGTH

attribute in

security(4) for information on how to change this restriction.

• Characters must be from the 7-bit US-ASCII character set; letters from the English alphabet.

• A password must contain at least two letters and at least one numeric or special character.

• A password must differ from the user’s login name and any reverse or circular shift of that login

name. For comparison purposes, an uppercase letter and its corresponding lowercase equivalent are

treated as identical.

• A new password must differ from the old one by at least three characters (one character for non super

user if changed by the super user in a trusted system).

Repository Conﬁguration

The

/etc/nsswitch.conf

ﬁle speciﬁes the repositories for which the password must be modiﬁed. The

following conﬁgurations are supported:

• passwd: ﬁles

• passwd: ﬁles nis

• passwd: compat (--> ﬁles nis)

Smart Card Login

If the user account is conﬁgured to use a Smart Card, the user password is stored in the card. This pass-

word has characteristics identical to a normal password stored on the system.

The Smart Card must be inserted into the Smart Card reader. The user is prompted for a PIN instead of a

password during authentication.

Enter PIN:

The password is retrieved automatically from the Smart Card when a valid PIN is entered. Therefore, it is

not necessary to know the password, only the PIN.

If the system retrieves a valid old password from the card, a new password is requested (twice). If the new

password meets all requirements, the system automatically overwrites the old password stored on the card

with the new password.

Therefore, the new dialog resembles:

Enter PIN:

New password:

Re-enter new password:

A Smart Card account can be shared among users. If one user modiﬁes the password, other users must use

the scsync command to write the new password onto their cards.

The scpin command is used to change the Smart Card PIN.

SECURITY FEATURES

This section applies only to trusted systems. It describes additional capabilities and restrictions.

When passwd is invoked on a trusted system, the existing password is requested (if one is present). This

initiates the password solicitation dialog which depends upon the type of password generation (format pol-

icy) that has been enabled on the account doing the passwd command. There are four possible options for

password generation:

Random syllables A pronounceable password made up of meaningless syllables.

Random characters An unpronounceable password made up of random characters from the

character set.

Random letters An unpronounceable password made up of random letters from the alpha-

bet.

90 Hewlett-Packard Company − 3 − HP-UX 11i Version 3: February 2007