Solved

AIX not accepting new password change

Posted on 2009-04-10
Last Modified: 2013-11-17
I am fairly new to AIX and last evening I had to implement some more strict password characteristics. This morning my users are being prompted to change their password based on the new criteria and for some they are having no issue but for others it will not accept their new password.

3004-602 The required password characteristics are:
        a maximum of 8 repeated characters.
        a minimum of 5 alphabetic characters.
        a minimum of 2 non-alphabetic characters.
        a minimum of 7 characters in length.

The consistency seems to be that once they go above the 8 character mark it kicks back and does not take the password...unless of course they match criteria within the first 8 characters of the new password.

For example:

google09pirate will be accepted however
googlepirate09 will be rejected

I did some searching and saw that in AIX 6.1 an LPA mechanism was implemented allowing for more than 8 characters, but since we are on AIX 5.3 that is not an option. So I'd like to know if I missed a parameter in SMIT somewhere that is making it so the characteristics must take place in the first 8 character fields or if this is by design and nothing can be done?

Thanks in advance.
Question by:Rhino83
6 Comments
 
LVL 7

Expert Comment

by:EmpKent
ID: 24115560
Can you not just set a maximum of 8 chars and keep your other parameters? Then users could not attempt a password of googlepirate09.

Just a thought.

Kent

Author Comment

by:Rhino83
ID: 24115614
Looking through smitty chuser, there is a Password Min. Length but nothing for a password Max Length, so if it is possible to adjust the max length I would give it good consideration; I just am not sure how to do so.

LVL 7

Accepted Solution

by:
EmpKent earned 500 total points
ID: 24115758
Is it possible to just inform your users that they cannot use more than 8 chars? I mean, it appears that the server is truncating it to 8 anyway. If you tell users that they must meet the other criterion within the first 8 chars, they would succeed, no?

Kent
LVL 7

Expert Comment

by:EmpKent
ID: 24115781
Sorry, should have said criteria or criterions.

Author Comment

by:Rhino83
ID: 24115814
This is essentially what the e-mail I just generated and sent out states: that it is more of a hard-coded situation I cannot change without some unnecessary upgrades to the server. Pretty straightforward and makes things a lot easier; I just wanted to be sure that it wasn't something I was overlooking or could easily be implemented.

Easy points but I didn't want the user community sitting around with no updates so thanks for the very prompt reply.
LVL 68

Expert Comment

by:woolmilkporc
ID: 24115863
Hi,
please look at /etc/security/user.

The explanation for 'minlen' contained in that file says:

*  minlen        Defines the minimum length of a password.  The default is 0.
*                      Range: 0 to 8.
*
*   Note: The minimum length of a password is determined by minlen and/or
*         'minalpha + minother', whichever is greater.  'minalpha + minother'
*         should never be greater than 8.  If 'minalpha + minother' is greater
*         than 8, then minother is reduced to '8 - minalpha'.


With AIX 5.3 and earlier, there is an eight-character design limit for the number of significant bytes in a password, which can not be overcome. This implies that characteristics must be met within those 8 significant bytes, as stated e.g. by the 'minlen' explanation above.

Cheers

wmp
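
The rules from the question, evaluated only on the first 8 significant bytes as described in this thread, as an added example that is not part of the original posts and is not AIX code. The function names `check_password` and `effective_minother` are hypothetical, passwords are assumed to be single-byte ASCII, and `maxrepeats` is not modelled.

```shell
#!/bin/sh
# Added example: models the AIX 5.3 behaviour described in this thread.
# Assumption: passwords are single-byte ASCII, so bytes == characters.
SIGNIFICANT=8   # only the first 8 bytes of a password are significant

# effective_minother MINALPHA MINOTHER   (hypothetical helper)
# Note in /etc/security/user: if 'minalpha + minother' is greater than 8,
# minother is reduced to '8 - minalpha'.
effective_minother() {
    if [ $(( $1 + $2 )) -gt "$SIGNIFICANT" ]; then
        echo $(( SIGNIFICANT - $1 ))
    else
        echo "$2"
    fi
}

# check_password CANDIDATE MINALPHA MINOTHER MINLEN   (hypothetical helper)
# Prints "ok" or the first rule that the significant prefix fails.
check_password() {
    minalpha=$2
    minother=$(effective_minother "$2" "$3")
    # Minimum length is minlen or minalpha + minother, whichever is greater.
    minlen=$4
    if [ $(( minalpha + minother )) -gt "$minlen" ]; then
        minlen=$(( minalpha + minother ))
    fi

    # Drop everything past the significant bytes, then count character classes.
    prefix=$(printf "%.${SIGNIFICANT}s" "$1")
    total=${#prefix}
    alpha=$(( $(printf '%s' "$prefix" | LC_ALL=C tr -cd 'A-Za-z' | wc -c) ))
    other=$(( total - alpha ))

    if   [ "$total" -lt "$minlen" ];   then echo "reject: length"
    elif [ "$alpha" -lt "$minalpha" ]; then echo "reject: minalpha"
    elif [ "$other" -lt "$minother" ]; then echo "reject: minother"
    else echo "ok"
    fi
}

# The two passwords from the question, with minalpha=5 minother=2 minlen=7.
for pw in google09pirate googlepirate09; do
    printf '%s -> %s\n' "$pw" "$(check_password "$pw" 5 2 7)"
done
```

Because only the prefix is evaluated, any two passwords that share their first 8 bytes are equivalent under this model, which is why the digits in `googlepirate09` do not count.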
