Full Discussion: Password policy problem ??
Operating Systems Solaris Password policy problem ?? Post 302381591 by arm_naja on Friday 18th of December 2009 10:35:15 PM
Quote:
Originally Posted by jlliagre
There is nothing wrong with server1 checking the ninth character. As I wrote, the default configuration truncates to eight. You do not give evidence server1 uses the default security policy configuration.

You would need to compare /etc/security/policy.conf files, especially the CRYPT_DEFAULT parameter.

Oh, thank you jlliagre. I found a difference, but I don't understand it.

server1 has no parameter "CRYPT_DEFAULT".

but server2 has
> CRYPT_DEFAULT=2a
> CRYPT_ALGORITHMS_ALLOW=1,2a,md5

What about these?
 

policy.conf(4)                      File Formats                      policy.conf(4)

NAME
       policy.conf - configuration file for security policy

SYNOPSIS
       /etc/security/policy.conf

DESCRIPTION
       The policy.conf file provides the security policy configuration for user-level attributes. Each entry consists of a key/value pair in the form:

       key=value

       The following keys are defined:

       AUTHS_GRANTED
              Specify the default set of authorizations granted to all users. This entry is interpreted by chkauthattr(3SECDB). The value is one or more comma-separated authorizations defined in auth_attr(4).

       PROFS_GRANTED
              Specify the default set of profiles granted to all users. This entry is interpreted by chkauthattr(3SECDB) and getexecuser(3SECDB). The value is one or more comma-separated profiles defined in prof_attr(4).

       PRIV_DEFAULT and PRIV_LIMIT
              Settings for these keys determine the default privileges that users have. (See privileges(5).) If these keys are not set, the default privileges are taken from the inherited set. PRIV_DEFAULT determines the default set on login. PRIV_LIMIT defines the limit set on login. Users can have privileges assigned or taken away through use of user_attr(4). Privileges can also be assigned to profiles, in which case users who have those profiles can exercise the assigned privileges through pfexec(1).

              For maximum future compatibility, the privilege specifications should always include basic or all. Privileges should then be removed using negation. See EXAMPLES. By assigning privileges in this way, you avoid a situation where, following an addition of a currently unprivileged operation to the basic privilege set, a user unexpectedly does not have the privileges he needs to perform that now-privileged operation.

              Note that removing privileges from the limit set requires extreme care, as any set-uid root program might suddenly fail because it lacks certain privilege(s). Note also that dropping basic privileges from the default privilege set can cause unexpected failure modes in applications.

       LOCK_AFTER_RETRIES=YES|NO
              Specifies whether a local account is locked after the count of failed logins for a user equals or exceeds the allowed number of retries as defined by RETRIES in /etc/default/login. The default value for users is NO. Individual account overrides are provided by user_attr(4).

       CRYPT_ALGORITHMS_ALLOW
              Specify the algorithms that are allowed for new passwords and is enforced only in crypt_gensalt(3C).

       CRYPT_ALGORITHMS_DEPRECATE
              Specify the algorithm for new passwords that is to be deprecated. For example, to deprecate use of the traditional UNIX algorithm, specify CRYPT_ALGORITHMS_DEPRECATE=__unix__ and change CRYPT_DEFAULT= to another algorithm, such as CRYPT_DEFAULT=1 for BSD and Linux MD5.

       CRYPT_DEFAULT
              Specify the default algorithm for new passwords. The Solaris default is the traditional UNIX algorithm. This is not listed in crypt.conf(4) since it is internal to libc. The reserved name __unix__ is used to refer to it.

       The key/value pair must appear on a single line, and the key must start the line. Lines starting with # are taken as comments and ignored. Option name comparisons are case-insensitive.

       Only one CRYPT_ALGORITHMS_ALLOW or CRYPT_ALGORITHMS_DEPRECATE value can be specified. Whichever is listed first in the file takes precedence. The algorithm specified for CRYPT_DEFAULT must either be specified for CRYPT_ALGORITHMS_ALLOW or not be specified for CRYPT_ALGORITHMS_DEPRECATE. If CRYPT_DEFAULT is not specified, the default is __unix__.

EXAMPLES
       Example 1: Defining a Key/Value Pair

       AUTHS_GRANTED=solaris.date

       Example 2: Specifying Privileges

       As noted above, you should specify privileges through negation, specifying all for PRIV_LIMIT and basic for PRIV_DEFAULT, then subtracting privileges, as shown below.

       PRIV_LIMIT=all,!sys_linkdir
       PRIV_DEFAULT=basic,!file_link_any

       The first line, above, takes away only the sys_linkdir privilege. The second line takes away only the file_link privilege. These privilege specifications will be unaffected by any future addition of privileges that might occur.

FILES
       /etc/user_attr
              Defines extended user attributes.

       /etc/security/auth_attr
              Defines authorizations.

       /etc/security/prof_attr
              Defines profiles.

       /etc/security/policy.conf
              Defines policy for the system.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWcsu                      |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Evolving                     |
       +-----------------------------+-----------------------------+

SEE ALSO
       login(1), pfexec(1), chkauthattr(3SECDB), getexecuser(3SECDB), auth_attr(4), crypt.conf(4), prof_attr(4), user_attr(4), attributes(5), privileges(5)

SunOS 5.10                          16 Mar 2004                          policy.conf(4)
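
An added example (not part of the thread or the man page): a small Python audit that applies the policy.conf(4) rules quoted above to the CRYPT_* keys and reports the effective default algorithm and any inconsistency. Function names and the three sample files are constructed; the first two mirror the settings the post reports for the two servers, and whitespace trimming and "last CRYPT_DEFAULT wins" are assumptions.

```python
# Added example (not from the thread or the man page): audit the CRYPT_* keys
# of a Solaris policy.conf using the rules stated in policy.conf(4) above.
# Function names and sample file contents are constructed for illustration.

LIST_KEYS = ("CRYPT_ALGORITHMS_ALLOW", "CRYPT_ALGORITHMS_DEPRECATE")

def parse_crypt_policy(text):
    """Return (default_algorithm, list_key, algorithms) for policy.conf text."""
    default = "__unix__"        # man page: default when CRYPT_DEFAULT is absent
    list_key, algs = None, []
    for line in text.splitlines():
        # The key must start the line; lines starting with '#' are comments.
        if not line or line[0] in "# \t" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.upper()       # option names compare case-insensitively
        value = value.strip()   # assumption: surrounding whitespace is ignored
        if key == "CRYPT_DEFAULT":
            default = value     # assumption: a later duplicate overrides
        elif key in LIST_KEYS and list_key is None:
            # Only one ALLOW/DEPRECATE entry counts: whichever is listed first.
            list_key = key
            algs = [a.strip() for a in value.split(",") if a.strip()]
    return default, list_key, algs

def audit(text):
    """Return findings about the password hashing policy."""
    default, list_key, algs = parse_crypt_policy(text)
    findings = []
    if default == "__unix__":
        findings.append("default is __unix__: only the first 8 password "
                        "characters are significant")
    if list_key == "CRYPT_ALGORITHMS_ALLOW" and default not in algs:
        findings.append("CRYPT_DEFAULT %s is not in CRYPT_ALGORITHMS_ALLOW" % default)
    if list_key == "CRYPT_ALGORITHMS_DEPRECATE" and default in algs:
        findings.append("CRYPT_DEFAULT %s is listed in CRYPT_ALGORITHMS_DEPRECATE" % default)
    return findings

# Constructed samples: the first two mirror what the post reports per server.
NO_DEFAULT = "# no CRYPT_DEFAULT line\nLOCK_AFTER_RETRIES=NO\n"
WITH_2A = "CRYPT_DEFAULT=2a\nCRYPT_ALGORITHMS_ALLOW=1,2a,md5\n"
INCONSISTENT = "crypt_algorithms_deprecate=__unix__\nCRYPT_ALGORITHMS_ALLOW=1\n"

if __name__ == "__main__":
    for name, text in (("no default", NO_DEFAULT), ("2a", WITH_2A),
                       ("inconsistent", INCONSISTENT)):
        print(name, parse_crypt_policy(text), audit(text))
```

Changing CRYPT_DEFAULT affects only passwords set afterwards, since the key selects the algorithm for new passwords.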