• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 374
  • Last Modified:

password security setup ..

hi ,

     i need to setup password options for aix,HP,solaris,and linux suse ,redhat  plesae let me know what files that i need to edit and what else i need to do i need this done for all versions of the os i want to be consistant for all platforms.please help ..Thanks in advance ..I need to setup password length,any septial character,caps ,number etc....
  • 4
  • 4
  • 2
  • +2
2 Solutions
man pam
(may not be installed by default on all OS' except Linux)
You can do soemthing about the /etc/password file. the format of of /etc/password is:

'x' mean required to have password, 11029 UID, 1 is GID etc

The user account expiry date infor stored in /etc/shadow file (only readable by root):
the format is:


For Solaris you can use "admtool" (GUI, for v 8 or older) or "smc" (for v 9 and newer) to set the password property. For HP-UX, you can use "sam" (GUI).

you can also use "usermod" script to make the change.

man password
man usermod
man useradd
to learn more details.
kaka123Author Commented:
Hi Thanks for your reply!!

I am sorry if was not clear on my question I need a policy setup so from now on the all password when we the admin set them up the client is force to change the password on first login
2. The client should get a password expired warning before the password expired x number's of days ahead.
3. Password length should not be less then 8 characters.
4. The password should include letters and numbers
5. Password should not be what the id is
6. Password should have at least one special character
      Just trying to enforce the password policy that is what I am trying to do and not sure where to go on do that what file or files to edit etc...

      You got the point .sorry I was not clear earlier.
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

1. usually not possible on all OS you listed, you need additional tools for that
2. not practicable! what happens if the user does not login with in the time periond "password expired x number's of days ahead"?
3. not possible on most standard installations, see yuzh's comment for the proper tools; man pam
4. man pam
5. man pam
6. man pam

A note about passwords: what do you think is a better (not asking if good at all) password?

If you agree with me that both are equal, then rethink about your requirements. I.g. it is better to have a passphrase (sentence) in natural language than cryptic strings which are most likely written down somewhere, somehow.

kaka123Author Commented:
Thanks!! For the reply please let me know what files do I need to edit to set the password policy globally enabled on all the platforms above.
I need to setup

1. Min 8 character
2. Atleast one special character
3. Password should not be what user id is
4. Atleast one number in the password
5. Aging of the password should be enabled
6. days minimum password expired time
7. Password should expire on first login

Please let me know what files do I need to edit for Solaris,HP,AIX,linux redhat suse ....Thanks in advance Please let me know step by step I do not have the man pages installed for pam. Do not have NIS+ running .....Thanks!!
kaka123Author Commented:
I am sorry but i do not see what are you trying to tell me ??????The admtool,smc,sam,smit  can be use to setup for indvisual user But not for the global envirment setup up or policy setup ...Please let em know step by step as i look into sam and smit and did not find the options to enable for the new user creation policy .so when the new user is been created they will have this attribute as default ..8char,sp char,aging etc etc ...
kaka123Author Commented:
Hi all Thanks all for your reply My apologies for not right clicking to get to the properties NOT looking through closely I found how it’s get done in Solaris through the admintool and smc on Solaris but on aix and sam and yast how can we enable for the accounts that are already on the Box .Can you please clarify that please it will lot of help.THANK YOU!!
>>found how it’s get done in Solaris through the admintool and smc on Solaris but on aix and sam and yast how can we enable for the accounts that are already on the Box .

You can use the same tool (admintool or sam) to modify
the existing user account property.

use "usermod" script to modify the accounts.

Have a nice holiday to all of you, cheers!
You are never going to get a consistent password policy between all the Unix/Linux flavours you mentioned without using additional tools/modules.  There is just too much difference between the flavours and how they implement their user/password policy.
> You are never going to get a consistent password policy between all the Unix/Linux flavours ..
I'd use a separate LDAP server and then configure all others to authenticate against that LDAP
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:

Split between yuzh http:#16422787 and ahoffmann http:#16423920

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

EE Cleanup Volunteer
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

  • 4
  • 4
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now