Solved

AIX not accepting new password change

Posted on 2009-04-10
6
1,990 Views
Last Modified: 2013-11-17
I am fairly new to AIX and last evening I had to implement some more strict password characteristics. This morning my users are being prompted to change their password based on the new criteria and for some they are having no issue but for others it will not accept their new password.

3004-602 The required password characteristics are:
        a maximum of 8 repeated characters.
        a minimum of 5 alphabetic characters.
        a minimum of 2 non-alphabetic characters.
        a minimum of 7 characters in length.

The consistency seems to be that once they go above the 8 character mark it kicks back and does not take the password...unless of course they match criteria within the first 8 charcters of the new password.

For example:

google09pirate will be excepted however
googlepirate09 will be rejected

I did some searching and saw that in AIX 6.1 a LPA mechanism was implemented allowing for more than 8 characters, but since we are on AIX 5.3 that is not an option. So I'd like to know if I missed a parameter in SMIT somewhere that is making it so the characteristics must take place in the first 8 character fields or if this is by design and nothing can be done?

Thanks in advance.
0
Comment
Question by:Rhino83
  • 3
  • 2
6 Comments
 
LVL 7

Expert Comment

by:EmpKent
ID: 24115560
Can you not just set a maximum of 8 chars and keep your other parameters? Then users could not attempt a password of googlepirate09.

Just a thought.

Kent
0
 

Author Comment

by:Rhino83
ID: 24115614
Looking through smitty chuser there is a Password Min. Length but nothing for a password Max Length so if it is possible to adjust the max length I would give it good consideration I just am not sure how to do so.
0
 
LVL 7

Accepted Solution

by:
EmpKent earned 500 total points
ID: 24115758
Is it possible to just inform your users that they cannot use more than 8 chars? I mean, it appears that the server is truncating it to 8 anyway. If you tell users that they must meet the other criterion within the first 8 chars, they would succeed, no?

Kent
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 7

Expert Comment

by:EmpKent
ID: 24115781
Sorry, should have said criteria or criterions.
0
 

Author Comment

by:Rhino83
ID: 24115814
This is essentially what the e-mail I just generated and sent out states. That it is more of a hard coded situation I can not change without some unnecessary upgrades to the server. Pretty straight forward and makes things a lot easier I just wanted to be sure that it wasn't something I was overlooking or could easily be implemented.

Easy points but I didn't want the user community sitting around with no updates so thanks for the very prompt reply.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 24115863
Hi,
please look at /etc/security/user.

The explanation for 'minlen' contained in that file says:

*  minlen        Defines the minimum length of a password.  The default is 0.
*                      Range: 0 to 8.
*
*   Note: The minimum length of a password is determined by minlen and/or
*         'minalpha + minother', whichever is greater.  'minalpha + minother'*         should never be greater than 8.  If 'minalpha + minother' is greater
*         than 8, then minother is reduced to '8 - minalpha'.


With AIX 5.3 and earlier, there is an eight-character design limit for the number of significant bytes in a password, which can not be overcome. This implies that characteristics must be met within those 8 significant bytes, as stated e.g. by the 'minlen' explanation above.

Cheers

wmp

0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Installing FreeBSD… FreeBSD is a darling of an operating system. The stability and usability make it a clear choice for servers and desktops (for the cunning). Savvy?  The Ports collection makes available every popular FOSS application and packag…
Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now