Solved

password  security setup ..

Posted on 2006-04-10
Last Modified: 2013-12-06
Hi,

I need to set up password options for AIX, HP, Solaris, and Linux (SUSE, Red Hat). Please let me know what files I need to edit and what else I need to do. I need this done for all versions of the OS; I want to be consistent across all platforms. Please help. Thanks in advance. I need to set up password length, any special character, caps, number, etc.
0
Question by:kaka123
12 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16420056
man pam
(may not be installed by default on all OS' except Linux)
0
 
LVL 38

Accepted Solution

by:
yuzh earned 900 total points
ID: 16422787
You can do something about the /etc/password file. The format of /etc/password is:
username:password:uid:gid:comment:home-directory:login-shell

where
'x' means required to have password, 11029 is UID, 1 is GID etc

The user account expiry date info is stored in the /etc/shadow file (only readable by root):
the format is:

username:password:lastchg:min:max:warn:inactive:expire

For Solaris you can use "admtool" (GUI, for v 8 or older) or "smc" (for v 9 and newer) to set the password property. For HP-UX, you can use "sam" (GUI).

You can also use the "usermod" script to make the change.

man password
man usermod
man useradd
to learn more details.
0
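
The aging fields in the shadow format quoted in the answer above (lastchg, min, max, warn) can be checked across existing accounts with a short script. This is an added example, not part of the original thread; the thresholds, function names and sample lines are constructed assumptions, and it applies only to systems that keep aging data in this colon-separated layout.

```shell
#!/bin/sh
# Added example: audit password-aging fields in shadow-format lines.
# Field layout as given in the answer:
#   username:password:lastchg:min:max:warn:inactive:expire
# Policy thresholds are assumptions, not values from the thread.
MAX_DAYS=90   # password must expire within this many days
MIN_DAYS=1    # minimum days between password changes
WARN_DAYS=7   # warn at least this many days before expiry

# audit_shadow [FILE...]: print "user:finding,finding" for each account
# that can log in with a password and violates the policy above.
audit_shadow() {
    awk -F: -v max="$MAX_DAYS" -v min="$MIN_DAYS" -v warn="$WARN_DAYS" '
    $2 ~ /^[!*]/ { next }   # locked or no-login accounts: skip
    {
        f = ""
        if ($2 == "")                  f = f ",empty-password"
        if ($5 == "" || $5 + 0 > max)  f = f ",max-age"
        if ($4 == "" || $4 + 0 < min)  f = f ",min-age"
        if ($6 == "" || $6 + 0 < warn) f = f ",warn"
        if (f != "") print $1 ":" substr(f, 2)
    }' "$@"
}

# pending_change [FILE...]: list users whose lastchg field is 0, which
# forces a password change at the next login.
pending_change() {
    awk -F: '$2 !~ /^[!*]/ && $3 == "0" { print $1 }' "$@"
}

# Constructed sample data (not real hashes or accounts).
sample_shadow() {
    cat <<'EOF'
alice:$6$constructed$hash:19000:1:90:7::
bob:$6$constructed$hash:19000:0:99999:7::
carol:$6$constructed$hash:0:1:90:14::
daemon:*:18000:0:99999:7::
dave::19000:::::
EOF
}

# Stand-alone run against the constructed sample.
sample_shadow | audit_shadow
sample_shadow | pending_change
```

On a real system, run `audit_shadow /etc/shadow` as root, since the file is readable only by root.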
 

Author Comment

by:kaka123
ID: 16423676
Hi, thanks for your reply!!


I am sorry if I was not clear in my question. I need a policy set up so that from now on, for all passwords, when we the admins set them up, the client is forced to change the password on first login.
2. The client should get a password expiry warning x number of days before the password expires.
3. Password length should not be less than 8 characters.
4. The password should include letters and numbers
5. Password should not be what the id is
6. Password should have at least one special character
      Just trying to enforce the password policy; that is what I am trying to do, and I am not sure where to go to do that, what file or files to edit, etc...

      You got the point. Sorry I was not clear earlier.
0

 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 600 total points
ID: 16423920
1. usually not possible on all OS you listed, you need additional tools for that
2. not practicable! what happens if the user does not log in within the time period "password expired x number's of days ahead"?
3. not possible on most standard installations, see yuzh's comment for the proper tools; man pam
4. man pam
5. man pam
6. man pam

A note about passwords: what do you think is a better (not asking if good at all) password?
  ~~~~~~~~
  !!!!!!!!!

If you agree with me that both are equal, then rethink about your requirements. I.g. it is better to have a passphrase (sentence) in natural language than cryptic strings which are most likely written down somewhere, somehow.

0
 

Author Comment

by:kaka123
ID: 16438369
Thanks for the reply!! Please let me know what files I need to edit to set the password policy globally on all the platforms above.
I need to set up

1. Min 8 characters
2. At least one special character
3. Password should not be what user id is
4. At least one number in the password
5. Aging of the password should be enabled
6. days minimum password expired time
7. Password should expire on first login

Please let me know what files I need to edit for Solaris, HP, AIX, Linux (Red Hat, SUSE). Thanks in advance. Please let me know step by step; I do not have the man pages installed for pam and do not have NIS+ running. Thanks!!
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16438938
0
 

Author Comment

by:kaka123
ID: 16439915
I am sorry, but I do not see what you are trying to tell me. admtool, smc, sam and smit can be used to set things up for an individual user, but not for the global environment or policy setup. Please let me know step by step, as I looked into sam and smit and did not find the options to enable a policy for new user creation, so that when a new user is created they will have these attributes as default: 8 chars, special char, aging, etc.
0
 

Author Comment

by:kaka123
ID: 16455920
Hi all, thanks for your replies. My apologies for not right-clicking to get to the properties and not looking closely. I found how it gets done in Solaris through admintool and smc, but on AIX and in sam and yast, how can we enable it for the accounts that are already on the box? Can you please clarify that? It will be a lot of help. THANK YOU!!
0
 
LVL 38

Expert Comment

by:yuzh
ID: 16459162
>>found how it’s get done in Solaris through the admintool and smc on Solaris but on aix and sam and yast how can we enable for the accounts that are already on the Box .

You can use the same tool (admintool or sam) to modify
the existing user account property.

or
use "usermod" script to modify the accounts.

Have a nice holiday to all of you, cheers!
0
 
LVL 48

Expert Comment

by:Tintin
ID: 16494682
You are never going to get a consistent password policy between all the Unix/Linux flavours you mentioned without using additional tools/modules.  There is just too much difference between the flavours and how they implement their user/password policy.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16495648
> You are never going to get a consistent password policy between all the Unix/Linux flavours ..
I'd use a separate LDAP server and then configure all others to authenticate against that LDAP
0
 
LVL 62

Expert Comment

by:gheist
ID: 16661001
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:

Split between yuzh http:#16422787 and ahoffmann http:#16423920

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

gheist
EE Cleanup Volunteer
0
