Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2187
  • Last Modified:

AIX not accepting new password change

I am fairly new to AIX and last evening I had to implement some more strict password characteristics. This morning my users are being prompted to change their password based on the new criteria and for some they are having no issue but for others it will not accept their new password.

3004-602 The required password characteristics are:
        a maximum of 8 repeated characters.
        a minimum of 5 alphabetic characters.
        a minimum of 2 non-alphabetic characters.
        a minimum of 7 characters in length.

The consistency seems to be that once they go above the 8 character mark it kicks back and does not take the password...unless of course they match criteria within the first 8 charcters of the new password.

For example:

google09pirate will be excepted however
googlepirate09 will be rejected

I did some searching and saw that in AIX 6.1 a LPA mechanism was implemented allowing for more than 8 characters, but since we are on AIX 5.3 that is not an option. So I'd like to know if I missed a parameter in SMIT somewhere that is making it so the characteristics must take place in the first 8 character fields or if this is by design and nothing can be done?

Thanks in advance.
0
Rhino83
Asked:
Rhino83
  • 3
  • 2
1 Solution
 
EmpKentCommented:
Can you not just set a maximum of 8 chars and keep your other parameters? Then users could not attempt a password of googlepirate09.

Just a thought.

Kent
0
 
Rhino83Author Commented:
Looking through smitty chuser there is a Password Min. Length but nothing for a password Max Length so if it is possible to adjust the max length I would give it good consideration I just am not sure how to do so.
0
 
EmpKentCommented:
Is it possible to just inform your users that they cannot use more than 8 chars? I mean, it appears that the server is truncating it to 8 anyway. If you tell users that they must meet the other criterion within the first 8 chars, they would succeed, no?

Kent
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
EmpKentCommented:
Sorry, should have said criteria or criterions.
0
 
Rhino83Author Commented:
This is essentially what the e-mail I just generated and sent out states. That it is more of a hard coded situation I can not change without some unnecessary upgrades to the server. Pretty straight forward and makes things a lot easier I just wanted to be sure that it wasn't something I was overlooking or could easily be implemented.

Easy points but I didn't want the user community sitting around with no updates so thanks for the very prompt reply.
0
 
woolmilkporcCommented:
Hi,
please look at /etc/security/user.

The explanation for 'minlen' contained in that file says:

*  minlen        Defines the minimum length of a password.  The default is 0.
*                      Range: 0 to 8.
*
*   Note: The minimum length of a password is determined by minlen and/or
*         'minalpha + minother', whichever is greater.  'minalpha + minother'*         should never be greater than 8.  If 'minalpha + minother' is greater
*         than 8, then minother is reduced to '8 - minalpha'.


With AIX 5.3 and earlier, there is an eight-character design limit for the number of significant bytes in a password, which can not be overcome. This implies that characteristics must be met within those 8 significant bytes, as stated e.g. by the 'minlen' explanation above.

Cheers

wmp

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now