Solved

AIX not accepting new password change

Posted on 2009-04-10
Last Modified: 2013-11-17
I am fairly new to AIX and last evening I had to implement some more strict password characteristics. This morning my users are being prompted to change their password based on the new criteria and for some they are having no issue but for others it will not accept their new password.

3004-602 The required password characteristics are:
        a maximum of 8 repeated characters.
        a minimum of 5 alphabetic characters.
        a minimum of 2 non-alphabetic characters.
        a minimum of 7 characters in length.

The consistency seems to be that once they go above the 8 character mark it kicks back and does not take the password...unless of course they match criteria within the first 8 characters of the new password.

For example:

google09pirate will be accepted however
googlepirate09 will be rejected

I did some searching and saw that in AIX 6.1 a LPA mechanism was implemented allowing for more than 8 characters, but since we are on AIX 5.3 that is not an option. So I'd like to know if I missed a parameter in SMIT somewhere that is making it so the characteristics must take place in the first 8 character fields or if this is by design and nothing can be done?

Thanks in advance.
Question by:Rhino83
6 Comments
 
LVL 7

Expert Comment

by:EmpKent
ID: 24115560
Can you not just set a maximum of 8 chars and keep your other parameters? Then users could not attempt a password of googlepirate09.

Just a thought.

Kent
0
 

Author Comment

by:Rhino83
ID: 24115614
Looking through smitty chuser, there is a Password Min. Length but nothing for a password Max Length, so if it is possible to adjust the max length I would give it good consideration; I just am not sure how to do so.
0
 
LVL 7

Accepted Solution

by:
EmpKent earned 500 total points
ID: 24115758
Is it possible to just inform your users that they cannot use more than 8 chars? I mean, it appears that the server is truncating it to 8 anyway. If you tell users that they must meet the other criterion within the first 8 chars, they would succeed, no?

Kent
0

 
LVL 7

Expert Comment

by:EmpKent
ID: 24115781
Sorry, should have said criteria or criterions.
0
 

Author Comment

by:Rhino83
ID: 24115814
This is essentially what the e-mail I just generated and sent out states: that it is more of a hard-coded situation I cannot change without some unnecessary upgrades to the server. Pretty straightforward and makes things a lot easier; I just wanted to be sure that it wasn't something I was overlooking or could easily be implemented.

Easy points but I didn't want the user community sitting around with no updates so thanks for the very prompt reply.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 24115863
Hi,
please look at /etc/security/user.

The explanation for 'minlen' contained in that file says:

*  minlen        Defines the minimum length of a password.  The default is 0.
*                      Range: 0 to 8.
*
*   Note: The minimum length of a password is determined by minlen and/or
*         'minalpha + minother', whichever is greater.  'minalpha + minother'
*         should never be greater than 8.  If 'minalpha + minother' is greater
*         than 8, then minother is reduced to '8 - minalpha'.


With AIX 5.3 and earlier, there is an eight-character design limit for the number of significant bytes in a password, which can not be overcome. This implies that characteristics must be met within those 8 significant bytes, as stated e.g. by the 'minlen' explanation above.

Cheers

wmp

0
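The behaviour described in the answer above, modelled as an added shell example (not AIX code and not part of the original thread): the composition rules are evaluated only against the first 8 bytes, with the minother reduction from the quoted note. The function names are hypothetical, and the policy values are the ones shown in message 3004-602 in the question.

```shell
#!/bin/sh
# Added example: a model of the AIX 5.3 behaviour described in this thread.
# Not AIX code; function names are hypothetical.

SIGNIFICANT=8   # significant password bytes on AIX 5.3 and earlier (per the answer)

# effective_minother MINALPHA MINOTHER
# Applies the note quoted from /etc/security/user: if minalpha + minother
# exceeds 8, minother is reduced to 8 - minalpha.
effective_minother() {
    if [ $(( $1 + $2 )) -gt "$SIGNIFICANT" ]; then
        echo $(( SIGNIFICANT - $1 ))
    else
        echo "$2"
    fi
}

# check_password PASSWORD MINLEN MINALPHA MINOTHER
# Prints "accepted" or "rejected: <reason>"; returns 0 or 1.
# maxrepeats is not modelled: the thread's value of 8 cannot be exceeded
# within 8 significant characters.
check_password() {
    pw=$1; minlen=$2; minalpha=$3
    minother=$(effective_minother "$3" "$4")
    sig=$(printf "%.${SIGNIFICANT}s" "$pw")      # bytes past the 8th are ignored
    alpha=$(( $(printf '%s' "$sig" | tr -cd 'A-Za-z' | wc -c) ))
    other=$(( ${#sig} - alpha ))
    need=$(( minalpha + minother ))              # effective minimum length is
    if [ "$minlen" -gt "$need" ]; then need=$minlen; fi   # the greater of the two
    if [ "${#sig}" -lt "$need" ]; then
        echo "rejected: only ${#sig} significant characters, need $need"; return 1
    elif [ "$alpha" -lt "$minalpha" ]; then
        echo "rejected: $alpha alphabetic in first $SIGNIFICANT, need $minalpha"; return 1
    elif [ "$other" -lt "$minother" ]; then
        echo "rejected: $other non-alphabetic in first $SIGNIFICANT, need $minother"; return 1
    fi
    echo "accepted"
}

# The two passwords from the question, with the policy from message 3004-602.
for pw in google09pirate googlepirate09; do
    printf '%s -> %s\n' "$pw" "$(check_password "$pw" 7 5 2)"
done
```

Because everything past the eighth byte is ignored, two passwords that share their first 8 characters are equivalent under this model, which is why user guidance should state the limit explicitly.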
