Manualshelf

HP-UX 11i v3 March 2012 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 Foundation OE
111112113114115116117118119120
8 Security
This chapter covers changes and enhancements to security services. For changes to other products
and features related to this chapter, see “What is new in the HP-UX 11i v3 March 2012 release
(page 13).
Restricted Root
New security options are available extending password and login policies to the root account.
This shadow mode enhancement allows implementation of stricter security policies that were
previously only available on trusted mode systems. Restricted Root is delivered via two patches in
the FEATURE11i bundle: PHCO_42662 and PHCO_42663.
Summary of Change
When the root account changes its own password or another account's password, defined system
and user password policies are checked during the password change. The following policies are
checked:
Allow root to change the password only after PASSWORD_MINDAYS
Configurable minimum password length
Password complexity
Password history depth is applicable
Login restrictions are applied to the root account. The following login policies are checked:
Disallow login with a null password
Disallow login after INACTIVITY_MAXDAYS
Compatibility
By default the new features are disabled, maintaining compatibility with previous shadow mode
implementations. To activate the features, see the security(4) manpage.
Performance
There are no known performance issues.
Documentation
Manpages
security(4)
Obsolescence
Not applicable.
112 Security