HP-UX Reference (11i v3 07/02) - 4 File Formats (vol 8)
s
security(4) security(4)
Default value: NOLOGIN=0
NUMBER_OF_LOGINS_ALLOWED
This attribute controls the number of simultaneous logins allowed per user. Note that
this is only enforced for non-root users and only applies to the applications that use
session management services provided by pam_hpsec as configured in
/etc/pam.conf , or those services that indirectly invoke
login, such as the tel-
netd
and rlogind commands. The system-wide default defined here may be over-
ridden by defining a per-user value in
/var/adm/userdb (described in userdb(4)).
NUMBER_OF_LOGINS_ALLOWED=0
Any number of logins are allowed per user.
NUMBER_OF_LOGINS_ALLOWED=
NNnumber of logins are allowed per user.
Default value:
NUMBER_OF_LOGINS_ALLOWED=0
PASSWORD_HISTORY_DEPTH
This attribute controls the password history depth. A new password is checked
against passwords stored in the user’s password history. This prevents the user from
re-using a recently used password. This attribute applies only to local users.
For a trusted system, the maximum password history depth is 10 and the minimum is
1.
For a standard system, the maximum password history depth is 24 and the minimum
is 1. The system-wide default defined here may be overridden by defining a per-user
value in /var/adm/userdb
(described in userdb(4)).
PASSWORD_HISTORY_DEPTH=
N A new password is checked against the N most
recently used passwords, including the current password. For example, a password
history depth of 2 prevents a user from alternating between two passwords.
Default value:
PASSWORD_HISTORY_DEPTH=1
Cannot re-use the current pass-
word.
PASSWORD_MIN_ type_CHARS
Attributes of this form are used to require new passwords to have a minimum number
of characters of particular types (upper case, lower case, digits or special characters).
This can be helpful in enforcing site security policies about selecting passwords that
are not easy to guess. This attribute applies only to non-root local users. The
system-wide default defined here may be overridden by defining a per-user value in
/var/adm/userdb (described in userdb(4)).
PASSWORD_MIN_UPPER_CASE_CHARS=
N Specifies that a minimum of N
upper-case characters are required in a password when changed.
PASSWORD_MIN_LOWER_CASE_CHARS=
N Specifies that a minimum of N
lower-case characters are required in a password when changed.
PASSWORD_MIN_DIGIT_CHARS=
N Specifies that a minimum of N digit charac-
ters are required in a password when changed.
PASSWORD_MIN_SPECIAL_CHARS=N Specifies that a minimum of N special
characters are required in a password when changed.
Default value: The default for each of these attributes is zero.
PASSWORD_MAXDAYS
This attribute controls the default maximum number of days that passwords are valid.
This value, if specified, is used by the authentication subsystem during the password
change process in the case where aging restrictions do not already exist for the given
user. The value takes effect after the password change. This attribute applies only to
local users and does not apply to trusted systems. The passwd -x option can be
used to override this value for a specific user.
PASSWORD_MAXDAYS=N A new password is valid for up to N days, after which
the password must be changed. N can be an integer from -1 to 441.
Default value:
PASSWORD_MAXDAYS=-1 password aging is turned off.
PASSWORD_MINDAYS
This attribute controls the default minimum number of days before a password can be
HP-UX 11i Version 3: February 2007 − 4 − Hewlett-Packard Company 415