Login or Register to Ask a Question and Join Our Community


Solaris

Password policy problem ??

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris Password policy problem ??
# 1  
Old 12-16-2009
Password policy problem ??
Hi Solaris's expert

I need to change user password on Solaris10 2 servers.
With the same password I can change it just only one.
Try to check everything but not found difference??

password pattern: abcdeFgh9Jk

server1 check all characters but server2 check only first 8 characters.Why??
I think solaris just check only first 8 char.

error msg on server2 ->> passwd: The first 8 characters of the password must contain at least 1 numeric or special character(s).
Anyone have any idea for this case?

File: /etc/default/passwd

Server0101 *** Change password success

MINALPHA=2
#MINDIFF=5
MINNONALPHA=1
#MINUPPER=0
#MINLOWER=2
#MAXREPEATS=2
WHITESPACE=YES
NAMECHECK=YES
DICTIONDBDIR=/var/passwd
DICTIONLIST=/usr/share/lib/dict/words
MINWEEKS=1
MAXWEEKS=9
WARNWEEKS=1
PASSLENGTH=8
=============

Server02 **** Cannot change password
HISTORY=3
MINALPHA=2
#MINDIFF=5
MINNONALPHA=1
#MINUPPER=0
#MINLOWER=2
#MAXREPEATS=2
WHITESPACE=YES
NAMECHECK=YES
DICTIONDBDIR=/var/passwd
DICTIONLIST=/usr/share/lib/dict/words
MINWEEKS=1
MAXWEEKS=9
WARNWEEKS=1
PASSLENGTH=8
====================

Thank you,Smilie
# 2  
Old 12-17-2009
1st question to you.. isn't your server 1 checks for password history?
and according to the error messages, your 1st 8 char should have at leasta special char or numeric, which does not match
# 3  
Old 12-17-2009
Quote:
Originally Posted by incredible
1st question to you.. isn't your server 1 checks for password history?
and according to the error messages, your 1st 8 char should have at leasta special char or numeric, which does not match
1. Yes server1 check password history too [HISTORY=3]
2. my password have number "9" at 9th char, but why we can use this password in server1 ??

my password example: ->> abcdeFgh9Jk
# 4  
Old 12-17-2009
By default with Solaris 10 and older the password is truncated to the first eight characters before further processing. Remaining ones are simply ignored.
# 5  
Old 12-18-2009
Quote:
Originally Posted by jlliagre
By default with Solaris 10 and older the password is truncated to the first eight characters before further processing. Remaining ones are simply ignored.
Can you see this in my previous answer?
.
.
2. my password have number "9" at 9th char, but why we can use this password in server1 ?? <<<<
# 6  
Old 12-18-2009
There is nothing wrong with server1 checking the ninth character. As I wrote, the default configuration truncates to eight. You do not give evidence server1 uses the default security policy configuration.

You would need to compare /etc/security/policy.conf files, especially the CRYPT_DEFAULT parameter.
# 7  
Old 12-18-2009
Quote:
Originally Posted by jlliagre
There is nothing wrong with server1 checking the ninth character. As I wrote, the default configuration truncates to eight. You do not give evidence server1 uses the default security policy configuration.

You would need to compare /etc/security/policy.conf files, especially the CRYPT_DEFAULT parameter.
Oh thank you jlliagre, I found difference but I'm not understand it.

server1 have no parameter "CRYPT_DEFAULT" .

but server2 have
> CRYPT_DEFAULT=2a
> CRYPT_ALGORITHMS_ALLOW=1,2a,md5

what about these?
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Red Hat

Password policy for root

Hi, I am unable to enforce password complexity policy for root user. (other users are working) on RHEL 6.2. Anything wrong with system-auth parameters? PLease help.. vi /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time... (1 Reply)
Discussion started by: suresh3566
1 Replies

2. AIX

Password Policy

I need help. I have set a password policy. But I want to dis allow setting user name as password. My policy is as below... min length =8 min diff=2 min alpha=2 max repeats=2 dictionary= /usr/share/dict/words Still user can set his username as password (i.e. Jackie1234). Code tags for... (11 Replies)
Discussion started by: powerAIX
11 Replies

3. Ubuntu

Password Expiration Policy

Hello Team, I am using Lubuntu & have DRBL remote boot setup with open Ldap authentication. Currently there is no password expire policy. I want to set Password Policy so that user's password will expire after a month & they will get prompt to change their password. Using PAM we can do it,... (1 Reply)
Discussion started by: paragnehete
1 Replies

4. Solaris

Solaris and PAM Password policy

Hello All, I have Sun DSEE7 (11g) on Solaris 10. I have run idsconfig and initialized ldap client with profile created using idsconfig. My ldap authentication works. Here is my pam.conf # Authentication management # # login service (explicit because of pam_dial_auth) # login ... (3 Replies)
Discussion started by: pandu345
3 Replies

5. Red Hat

Password Policy description

Hi Experts, i would like to know the description of the following: Minimum: 0 Maximum: 90 Warning: 7 Inactive: -1 Last Change: Never Password Expires: Never Password Inactive: Never Account Expires: Never Does this means that... (2 Replies)
Discussion started by: yprudent
2 Replies

6. Ubuntu

User and Password Policy

Hi linux expert, i would like to create a script for listing all user with there password policy. It should be in the following format: Last password change : Sep 19, 2011 Password expires : never Password inactive : never Account... (2 Replies)
Discussion started by: yprudent
2 Replies

7. Solaris

password policy for new user

hi folk, i try to setup a new password policy for our solaris box user, below are the /etc/default/passwd/, but then when i tried to create a user, it didn't ask for numeric character, and the new password also didn't ask for special characters. # useradd testing # passwd testing New... (7 Replies)
Discussion started by: dehetoxic
7 Replies

8. Red Hat

NIS password policy

Hi, I am running NIS server on redhat linux 5 and I want to implement password restrictions for the yppasswd, how can I do it.Please help me. I can implement password restriction for passwd by configuring /etc/pam.d/system-auth and setting crack_lib.so but I don't know how to implent the same... (3 Replies)
Discussion started by: ktrimu
3 Replies

9. Red Hat

Shadow file password policy

Today i was going through some of security guides written on linux . Under shadow file security following points were mentioned. 1)The encrypted password stored under /etc/shadow file should have more than 14-25 characters. 2)Usernames in shadow file must satisfy to all the same rules as... (14 Replies)
Discussion started by: pinga123
14 Replies

10. UNIX and Linux Applications

Need openLDAP + Password policy guide

Hi all of you.............. I am using openldap on ubuntu server . i want to apply password policy for user's to set password length , expire date , ......etc. can anybody guide me to configure this. (1 Reply)
Discussion started by: jagnikam
1 Replies
Login or Register to Ask a Question