Password security setup

Posted on 2006-04-10
Last Modified: 2013-12-06
Hi,

     I need to set up password options for AIX, HP, Solaris, and Linux (SUSE, Red Hat). Please let me know what files I need to edit and what else I need to do. I need this done for all versions of the OS; I want to be consistent across all platforms. Please help. Thanks in advance. I need to set up password length, any special character, caps, number, etc.
Question by:kaka123
    LVL 51

    Expert Comment

    man pam
    (may not be installed by default on all OS' except Linux)
    LVL 38

    Accepted Solution

    You can do something about the /etc/password file. The format of /etc/password is:

    'x' means a password is required, 11029 is the UID, 1 is the GID, etc.

    The user account expiry date info is stored in the /etc/shadow file (only readable by root).
    The format is:


    For Solaris you can use "admtool" (GUI, for v 8 or older) or "smc" (for v 9 and newer) to set the password property. For HP-UX, you can use "sam" (GUI).

    You can also use the "usermod" script to make the change.

    man password
    man usermod
    man useradd
    to learn more details.
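
The aging fields in /etc/shadow mentioned in the answer above can be audited with a short script. This is an added example, not part of the original thread: it assumes the nine-field Linux/Solaris-style shadow layout (name:hash:lastchg:min:max:warn:inactive:expire:reserved), and the function names, sample lines and thresholds are constructed.

```shell
#!/bin/sh
# Audit password-aging fields in shadow-format data read from stdin.
# Usage: audit_shadow MAX_DAYS MIN_DAYS WARN_DAYS < shadow-file
# Prints one "user: finding" line per observation.
audit_shadow() {
    awk -F: -v max="$1" -v min="$2" -v warn="$3" '
    # Skip accounts with no usable password (empty, locked "!" or "*").
    $2 == "" || $2 ~ /^[!*]/ { next }
    {
        # Field 3: day of last change; 0 forces a change at next login.
        if ($3 == "0")
            print $1 ": password change forced at next login"
        # Field 5: maximum age in days (99999 is the usual "never" value).
        if ($5 == "" || $5 + 0 > max)
            print $1 ": max age " ($5 == "" ? "unset" : $5) " above " max
        # Field 4: minimum days between changes.
        if ($4 == "" || $4 + 0 < min)
            print $1 ": min age " ($4 == "" ? "unset" : $4) " below " min
        # Field 6: days of warning before expiry.
        if ($6 == "" || $6 + 0 < warn)
            print $1 ": warn days " ($6 == "" ? "unset" : $6) " below " warn
    }'
}

# Constructed sample data; the hash fields are placeholders, not real hashes.
sample_shadow() {
cat <<'EOF'
root:$6$CONSTRUCTED$hash:19000:0:99999:7:::
alice:$6$CONSTRUCTED$hash:19700:1:90:14:::
bob:$6$CONSTRUCTED$hash:0:1:90:14:::
carol:$6$CONSTRUCTED$hash:19650:0:90:3:::
daemon:*:18000:0:99999:7:::
EOF
}

# Example policy values (assumed): 90-day maximum, 1-day minimum, 14-day warning.
sample_shadow | audit_shadow 90 1 14
```

On a real host the input would be the shadow file itself, read as root.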

    Author Comment

    Hi, thanks for your reply!!

    I am sorry if I was not clear in my question. I need a policy set up so that from now on:
    1. When we, the admins, set up a password, the client is forced to change the password on first login.
    2. The client should get a password expiry warning x number of days before the password expires.
    3. Password length should not be less than 8 characters.
    4. The password should include letters and numbers.
    5. Password should not be what the ID is.
    6. Password should have at least one special character.

    I am just trying to enforce the password policy and am not sure where to go to do that, what file or files to edit, etc.

    You got the point. Sorry I was not clear earlier.
    LVL 51

    Assisted Solution

    1. usually not possible on all OS you listed, you need additional tools for that
    2. not practicable! what happens if the user does not login within the time period "password expired x number's of days ahead"?
    3. not possible on most standard installations, see yuzh's comment for the proper tools; man pam
    4. man pam
    5. man pam
    6. man pam

    A note about passwords: what do you think is a better (not asking if good at all) password?

    If you agree with me that both are equal, then rethink about your requirements. I.g. it is better to have a passphrase (sentence) in natural language than cryptic strings which are most likely written down somewhere, somehow.


    Author Comment

    Thanks for the reply!! Please let me know what files I need to edit to set the password policy globally on all the platforms above.
    I need to set up:

    1. Min 8 characters
    2. At least one special character
    3. Password should not be what the user ID is
    4. At least one number in the password
    6. days minimum password expired time
    7. Password should expire on first login

    Please let me know what files I need to edit for Solaris, HP, AIX, and Linux (Red Hat, SUSE). Thanks in advance. Please let me know step by step. I do not have the man pages installed for pam. I do not have NIS+ running. Thanks!!
    LVL 51

    Expert Comment


    Author Comment

    I am sorry, but I do not see what you are trying to tell me. The admtool, smc, sam, and smit can be used to set up an individual user, but not for the global environment setup or policy setup. Please let me know step by step, as I looked into sam and smit and did not find the options to enable for the new user creation policy, so that when a new user is created they will have these attributes as default: 8 chars, special char, aging, etc.

    Author Comment

    Hi all, thanks for your replies. My apologies for not right-clicking to get to the properties and not looking closely. I found how it gets done in Solaris through the admintool and smc, but on AIX and sam and yast, how can we enable it for the accounts that are already on the box? Can you please clarify that? It will be a lot of help. THANK YOU!!
    LVL 38

    Expert Comment

    >>found how it’s get done in Solaris through the admintool and smc on Solaris but on aix and sam and yast how can we enable for the accounts that are already on the Box .

    You can use the same tool (admintool or sam) to modify
    the existing user account property.

    Use the "usermod" script to modify the accounts.

    Have a nice holiday to all of you, cheers!
    LVL 48

    Expert Comment

    You are never going to get a consistent password policy between all the Unix/Linux flavours you mentioned without using additional tools/modules.  There is just too much difference between the flavours and how they implement their user/password policy.
    LVL 51

    Expert Comment

    > You are never going to get a consistent password policy between all the Unix/Linux flavours ..
    I'd use a separate LDAP server and then configure all others to authenticate against that LDAP
    LVL 61

    Expert Comment

    No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
    I will leave the following recommendation for this question in the Cleanup topic area:

    Split between yuzh http:#16422787 and ahoffmann http:#16423920

    Any objections should be posted here in the next 4 days. After that time, the question will be closed.

    EE Cleanup Volunteer
