HP-UX Standard Mode Security Extensions Release Notes

What's in This Version
Configurable System-Wide Security Defaults in /etc/default/security
System-wide defaults for security features are configured in the security defaults file,
/etc/default/security, by modifying the attribute=value pairs. See Table 1-1 and Table 1-2
for the attributes affected by the HP-UX Standard Mode Security Extensions. Table 1-1
and Table 1-2 do not show a complete list of attributes. Refer to the security(4) manpage for a
complete list of attributes and an explanation of /etc/default/security.
The new security attributes description file, /etc/security.dsc, describes each
attribute along with a range of possible values. The /etc/security.dsc file also shows the
default value to use for each attribute if no system-wide default value is configured in
/etc/default/security.
Several system-wide defaults can be overridden for specified users by setting a per-user value
in the user database. Use the userdbset command to make the per-user configurations. See
"User Database for Per-User Configurations" on page 9 and refer to the userdbset(1M)
manpage.
Table 1-1 lists the security features and corresponding attributes that are now available in
standard mode. These features were previously available only in trusted mode.
Table 1-1  Security Features and Attributes Now Available in Standard Mode

Security Features for Standard Mode HP-UX              Attribute Name for System-Wide Default
                                                       in /etc/default/security
-----------------------------------------------------  --------------------------------------
Locks account after too many authentication failures   AUTH_MAXTRIES
Displays last successful and last unsuccessful login   DISPLAY_LAST_LOGIN
Defines password history depth                         PASSWORD_HISTORY_DEPTH
Prevents logins with a null password                   ALLOW_NULL_PASSWORD
Restricts logins to specific time periods              LOGIN_TIMES
Expires inactive accounts                              INACTIVITY_MAXDAYS
Enables or disables auditing for users                 AUDIT_FLAG
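
The following script is an added example, not part of the HP release notes. It reads a security defaults file and reports, for each Table 1-1 attribute, whether a system-wide value is configured, left to the default shown in /etc/security.dsc, or set more than once. The function name, the sample file contents and the treatment of lines starting with '#' as comments are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a security defaults file for the Table 1-1 attributes.
# Assumption: the file holds attribute=value lines; blank lines and lines
# starting with '#' are skipped. On a real system pass /etc/default/security.

TABLE_1_1_ATTRS="AUTH_MAXTRIES DISPLAY_LAST_LOGIN PASSWORD_HISTORY_DEPTH"
TABLE_1_1_ATTRS="$TABLE_1_1_ATTRS ALLOW_NULL_PASSWORD LOGIN_TIMES"
TABLE_1_1_ATTRS="$TABLE_1_1_ATTRS INACTIVITY_MAXDAYS AUDIT_FLAG"

report_security_defaults() {   # hypothetical helper name
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v attrs="$TABLE_1_1_ATTRS" '
    BEGIN { n = split(attrs, want, " ") }
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) next                   # not an attribute=value pair
        name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name)   # tolerate stray whitespace
        gsub(/^[ \t]+|[ \t]+$/, "", value)
        seen[name]++; val[name] = value
    }
    END {
        for (i = 1; i <= n; i++) {
            a = want[i]
            if (seen[a] == 0)
                print a ": not set (default from /etc/security.dsc applies)"
            else if (seen[a] > 1)
                print a ": set " seen[a] " times, resolve the conflict"
            else
                print a "=" val[a]
        }
    }' "$1"
}

# Constructed sample input, not taken from a real system.
SAMPLE=${TMPDIR:-/tmp}/security.sample.$$
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample of /etc/default/security
AUTH_MAXTRIES=3
PASSWORD_HISTORY_DEPTH=8
#AUDIT_FLAG=1
ALLOW_NULL_PASSWORD=0
ALLOW_NULL_PASSWORD=1
EOF
report_security_defaults "$SAMPLE"
```

A commented-out line such as `#AUDIT_FLAG=1` is reported as not set, and an attribute that appears twice is flagged rather than silently resolved.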