Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Solaris 10 - password complexity not working
Operating Systems Solaris Solaris 10 - password complexity not working Post 303001715 by MadeInGermany on Wednesday 9th of August 2017 05:40:42 PM
Old 08-09-2017
I think you must patch your Solaris 10, then root is no longer exempted from the complexity rules.
man passwd on an old Solaris 10 says:
Quote:
In the files case, super-users (for instance, real and
effective uid equal to 0, see id(1M) and su(1M)) can change
any password. Hence, passwd does not prompt privileged users
for the old password. Privileged users are not forced to
comply with password aging and password construction
requirements. A privileged user can create a null password
by entering a carriage return in response to the prompt for
a new password.
While a newer Solaris 10 says
Quote:
The passwd command does not prompt authorized users for the
old password.
...
By default, even users authorized to change the password of
other users must comply with the configured password policy.
See pam_authtok_check(5).
This article suggests the change happened with Solaris 10 8/11.

BTW if you set the minimum password length to 8 then in fact you lower the security somewhat if you have CRYPT_DEFAULT=__unix__ in /etc/security/policy.conf because it always limits the maximum password length to 8.
So you should change it to CRYPT_DEFAULT=1 (1 or 2a or md5) to allow longer passwords! It also will create longer crypts in /etc/shadow, but can still understand the existing short Unix crypts.
This User Gave Thanks to MadeInGermany For This Post:
hicksd8
 

10 More Discussions You Might Find Interesting

1. Forum Support Area for Unregistered Users & Account Problems

emailed reset password is not working

Well, I get this email - Hello, You have requested to reset your password on The UNIX Forums forums because you have forgotten your password. If you did not request this, please ignore it. It will expire and become useless in 24 hours time. To reset your password, please visit the... (1 Reply)
Discussion started by: zyx
1 Replies

2. Solaris

password complexity check

Hi, I am looking for a simple way to : - force the user to change his password following the first connexion - check the complexity of a password (password should has a least 8 characters with 1 special char and 1 alpha...). Thinks for your help (1 Reply)
Discussion started by: dbsora
1 Replies

3. Shell Programming and Scripting

script not working as intended for password

Hi I have a script which uses expect and I run it on solaris 10 to set a common password for all users. I run it as `./script password` but when I tried to log into the system then I do not really have to type password, pressing ENTER on keyboard logs the user into system. (ssh) This below... (2 Replies)
Discussion started by: upengan78
2 Replies

4. Solaris

Solaris 8 - Asks for current root password when trying to change root password.

Hello All, I have several solaris boxes running Solaris 8. When changing root passwords on them, all will simply ask for the new root password to change and of course to re-type the new password. One of the systems however asks for the existing root password before it will display the new password... (8 Replies)
Discussion started by: tferrazz
8 Replies

5. Solaris

Solaris 9 Reset Password - boot cdrom -s not working

Boot device : /pci@1f,4000/scsi@3/disk@0,0:a File and args: -s cdrom SunOS Release 5.9 Version Generic_118558-11 64-bit (6 Replies)
Discussion started by: agummad
6 Replies

6. Shell Programming and Scripting

Password-less RSA Authentication not working

Hello Friends, I know this issue has been raised many times and hence I tried every resolution provided in the forum before I posted this issue again. My Password-less RSA authentication was working fine for quite some time. Whenever the remote server password used to change I used to re-do... (5 Replies)
Discussion started by: mehimadri
5 Replies

7. Shell Programming and Scripting

sftp using password not working in unix

Sorry to post this thread as it has been asked several times. But my question is that I need to write a shell script to transfer a file from machine A to machine B using sftp. I generated pvt-pub key pair and put pub key in machine b and lso make the pub file's permision 600. .ssh directory... (1 Reply)
Discussion started by: vsachan
1 Replies

8. SuSE

Setting password complexity

Hi, I am setting password complexity in SLES 11. I am able to do most of things pam-config -d --pwcheck pam-config -a --cracklib pam-config -a --cracklib-minlen=8 pam-config -a --cracklib-dcredit=-1 pam-config -a --cracklib-ocredit=-1 pam-config -a --pwhistory pam-config -a... (1 Reply)
Discussion started by: solaris_1977
1 Replies

9. UNIX for Dummies Questions & Answers

Ssh command without password - Not working

Hi, I have followed the below commands for key generation and ssh from one server to another with user mqm cd /var/mqm/.ssh mqm@A:~> ssh-keygen -t rsa <public key creation> mqm@A:~> ssh mqm@B mkdir -p .ssh mqm@B's password: <entered_password> mqm@A:~> cat /var/mqm/.ssh/id_rsa.pub | ssh... (4 Replies)
Discussion started by: Anusha M
4 Replies

10. UNIX for Beginners Questions & Answers

Password Less Authentication not Working After Giving Full Permission

Hello Team, Please help me to solve my Problem, By mistake, I give full permission to /(root) directory. by using the following command "chmod -R 777 /" after this, the client asks for the password to login via ssh. Before that, I an able to Login without a password. Please help me to retrieve... (5 Replies)
Discussion started by: Shubham1182
5 Replies

LEARN ABOUT HPUX

yppasswd

yppasswd(1)						      General Commands Manual						       yppasswd(1)

NAME

       yppasswd - change login password in Network Information System (NIS)

SYNOPSIS

       [name]

   Remarks
       The  Network  Information  Service  (NIS)  was  formerly known as Yellow Pages (YP).  The functionality remains the same; only the name has
       changed.

DESCRIPTION

       changes or installs a password associated with the login name in the Network Information System (NIS).  The NIS password can  be  different
       from the one on your own machine.  If name is omitted, it defaults to the name returned by (see getlogin(3C)).

       prompts	for  the old NIS password (even if it does not exist), then twice for the new one.  The old password must be entered correctly for
       the change to take effect.  Checks occur to ensure that the new password meets the following construction requirements.

	      o  Only the first eight characters are significant.

	      o  A password can be as few as four characters long if it contains

		    o  at least one special character or

		    o  a mixture of numeric, uppercase and lowercase letters.

	      o  A password can be as few as five characters long if it contains a mixture of

		    o  uppercase and lowercase letters or

		    o  numeric and either uppercase or lowercase letters.

	      o  A password must contain at least six characters if it contains only monocase letters.

       All these rules except the first are relaxed if you try three times to enter an unacceptable new password.  You cannot,	however,  enter  a
       null password.

       Only the owner of the name or the superuser can change a password.

       The  Network  Information  System  password daemon, must be running on the master NIS password server to change NIS passwords.  See yppass-
       wdd(1M).

WARNINGS

       The password update protocol passes the old and new passwords to the master NIS server at once.	Thus, if the old NIS  password	is  incor-
       rect, no notification is given until the new NIS password is successfully entered.

       The password construction rules are different from those of the HP-UX command (see passwd(1)).

       The  root user's password cannot be changed using or Therefore, root users must change their password in the files database and then recon-
       struct the NIS maps using the command.  For more information on how to use the command, see ypmake(1M).

       User applications that call this routine must be linked with For example,

AUTHOR

       was developed by Sun Microsystems, Inc.

SEE ALSO

       id(1), passwd(1), su(1), yppasswdd(1M), getlogin(3C), yppasswd(3N), ypfiles(4).

																       yppasswd(1)
All times are GMT -4. The time now is 04:05 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy