Solved

AIX not accepting new password change

Posted on 2009-04-10
6
2,119 Views
Last Modified: 2013-11-17
I am fairly new to AIX and last evening I had to implement some more strict password characteristics. This morning my users are being prompted to change their password based on the new criteria and for some they are having no issue but for others it will not accept their new password.

3004-602 The required password characteristics are:
        a maximum of 8 repeated characters.
        a minimum of 5 alphabetic characters.
        a minimum of 2 non-alphabetic characters.
        a minimum of 7 characters in length.

The consistency seems to be that once they go above the 8 character mark it kicks back and does not take the password...unless of course they match criteria within the first 8 charcters of the new password.

For example:

google09pirate will be excepted however
googlepirate09 will be rejected

I did some searching and saw that in AIX 6.1 a LPA mechanism was implemented allowing for more than 8 characters, but since we are on AIX 5.3 that is not an option. So I'd like to know if I missed a parameter in SMIT somewhere that is making it so the characteristics must take place in the first 8 character fields or if this is by design and nothing can be done?

Thanks in advance.
0
Comment
Question by:Rhino83
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 7

Expert Comment

by:EmpKent
ID: 24115560
Can you not just set a maximum of 8 chars and keep your other parameters? Then users could not attempt a password of googlepirate09.

Just a thought.

Kent
0
 

Author Comment

by:Rhino83
ID: 24115614
Looking through smitty chuser there is a Password Min. Length but nothing for a password Max Length so if it is possible to adjust the max length I would give it good consideration I just am not sure how to do so.
0
 
LVL 7

Accepted Solution

by:
EmpKent earned 500 total points
ID: 24115758
Is it possible to just inform your users that they cannot use more than 8 chars? I mean, it appears that the server is truncating it to 8 anyway. If you tell users that they must meet the other criterion within the first 8 chars, they would succeed, no?

Kent
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 7

Expert Comment

by:EmpKent
ID: 24115781
Sorry, should have said criteria or criterions.
0
 

Author Comment

by:Rhino83
ID: 24115814
This is essentially what the e-mail I just generated and sent out states. That it is more of a hard coded situation I can not change without some unnecessary upgrades to the server. Pretty straight forward and makes things a lot easier I just wanted to be sure that it wasn't something I was overlooking or could easily be implemented.

Easy points but I didn't want the user community sitting around with no updates so thanks for the very prompt reply.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 24115863
Hi,
please look at /etc/security/user.

The explanation for 'minlen' contained in that file says:

*  minlen        Defines the minimum length of a password.  The default is 0.
*                      Range: 0 to 8.
*
*   Note: The minimum length of a password is determined by minlen and/or
*         'minalpha + minother', whichever is greater.  'minalpha + minother'*         should never be greater than 8.  If 'minalpha + minother' is greater
*         than 8, then minother is reduced to '8 - minalpha'.


With AIX 5.3 and earlier, there is an eight-character design limit for the number of significant bytes in a password, which can not be overcome. This implies that characteristics must be met within those 8 significant bytes, as stated e.g. by the 'minlen' explanation above.

Cheers

wmp

0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question