Password policy problem ?? | Unix Linux Forums | Solaris

#1 12-16-2009 arm_naja

Hi Solaris experts,

I need to change a user password on two Solaris 10 servers.
With the same password, I can change it on only one.
I tried to check everything but found no difference.

password pattern: abcdeFgh9Jk

server1 checks all characters but server2 checks only the first 8 characters. Why??
I think Solaris checks only the first 8 characters.

error msg on server2 ->> passwd: The first 8 characters of the password must contain at least 1 numeric or special character(s).
Does anyone have any idea about this case?

File: /etc/default/passwd

Server0101 *** Change password success

MINALPHA=2
#MINDIFF=5
MINNONALPHA=1
#MINUPPER=0
#MINLOWER=2
#MAXREPEATS=2
WHITESPACE=YES
NAMECHECK=YES
DICTIONDBDIR=/var/passwd
DICTIONLIST=/usr/share/lib/dict/words
MINWEEKS=1
MAXWEEKS=9
WARNWEEKS=1
PASSLENGTH=8
=============

Server02 **** Cannot change password
HISTORY=3
MINALPHA=2
#MINDIFF=5
MINNONALPHA=1
#MINUPPER=0
#MINLOWER=2
#MAXREPEATS=2
WHITESPACE=YES
NAMECHECK=YES
DICTIONDBDIR=/var/passwd
DICTIONLIST=/usr/share/lib/dict/words
MINWEEKS=1
MAXWEEKS=9
WARNWEEKS=1
PASSLENGTH=8
====================

Thank you,
#2 12-17-2009 incredible
First question to you: doesn't your server 1 check for password history?
And according to the error messages, your first 8 characters should have at least a special character or numeric, which does not match.
#3 12-17-2009 arm_naja
Quote:
Originally Posted by incredible
First question to you: doesn't your server 1 check for password history?
And according to the error messages, your first 8 characters should have at least a special character or numeric, which does not match.

1. Yes, server1 checks password history too [HISTORY=3]
2. My password has the number "9" as the 9th character, but why can we use this password on server1??

my password example: ->> abcdeFgh9Jk
#4 12-17-2009 jlliagre
By default with Solaris 10 and older the password is truncated to the first eight characters before further processing. Remaining ones are simply ignored.
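
Why the thread's password is rejected when only eight characters are examined, as an added example (not part of the original posts, and a simplified model rather than Solaris's own checking code): it applies the MINALPHA and MINNONALPHA values from the server2 listing to abcdeFgh9Jk, first truncated to eight characters and then in full. The function names and the SIGNIFICANT parameter are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: simplified model of the complexity rules, not Solaris code.
LC_ALL=C; export LC_ALL

# /etc/default/passwd settings as listed for server2 in the thread.
POLICY='HISTORY=3
MINALPHA=2
#MINDIFF=5
MINNONALPHA=1
#MINUPPER=0
#MINLOWER=2
#MAXREPEATS=2
WHITESPACE=YES
NAMECHECK=YES
PASSLENGTH=8'

# policy_get KEY: print the active (uncommented) value of KEY, default 0.
policy_get() {
    v=$(printf '%s\n' "$POLICY" | sed -n "s/^$1=//p" | head -n 1)
    printf '%s\n' "${v:-0}"
}

# count_alpha STRING: number of ASCII letters in STRING.
count_alpha() {
    printf '%s' "$1" | tr -cd 'A-Za-z' | wc -c | tr -d ' '
}

# check_password PASSWORD SIGNIFICANT
# SIGNIFICANT (hypothetical parameter of this model) is how many leading
# characters are examined; 0 means the whole password.
# Prints "ok" or the first rule that fails; returns 0 only for "ok".
check_password() {
    pw=$1
    if [ "$2" -gt 0 ]; then
        pw=$(printf '%s' "$pw" | cut -c "1-$2")
    fi
    alpha=$(count_alpha "$pw")
    nonalpha=$(( ${#pw} - alpha ))
    if [ "$alpha" -lt "$(policy_get MINALPHA)" ]; then
        echo "fail: MINALPHA"; return 1
    fi
    if [ "$nonalpha" -lt "$(policy_get MINNONALPHA)" ]; then
        echo "fail: MINNONALPHA"; return 1
    fi
    echo "ok"
}

check_password 'abcdeFgh9Jk' 8 || true   # only "abcdeFgh" is examined
check_password 'abcdeFgh9Jk' 0           # all 11 characters are examined
```

The digit sits in position nine, so the truncated form has no non-alphabetic character and trips MINNONALPHA=1, matching the passwd error quoted in the first post.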
#5 12-18-2009 arm_naja
Quote:
Originally Posted by jlliagre
By default with Solaris 10 and older the password is truncated to the first eight characters before further processing. Remaining ones are simply ignored.

Can you see this in my previous answer?
.
.
2. My password has the number "9" as the 9th character, but why can we use this password on server1?? <<<<
#6 12-18-2009 jlliagre
There is nothing wrong with server1 checking the ninth character. As I wrote, the default configuration truncates to eight. You do not give evidence server1 uses the default security policy configuration.

You would need to compare /etc/security/policy.conf files, especially the CRYPT_DEFAULT parameter.
#7 12-18-2009 arm_naja
Quote:
Originally Posted by jlliagre
There is nothing wrong with server1 checking the ninth character. As I wrote, the default configuration truncates to eight. You do not give evidence server1 uses the default security policy configuration.

You would need to compare /etc/security/policy.conf files, especially the CRYPT_DEFAULT parameter.

Oh, thank you jlliagre. I found a difference but I don't understand it.

server1 has no "CRYPT_DEFAULT" parameter,

but server2 has
> CRYPT_DEFAULT=2a
> CRYPT_ALGORITHMS_ALLOW=1,2a,md5

What about these?