Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Auditing System Extensions

191

192

193

194

195

196

197

198

199

200

• Time of last successful and unsuccessful password changes

• Absolute time (date) when the account will expire

• Maximum time allowed between logins before the account is locked

• Number of days before expiration when a warning will appear

• Whether passwords are user-generated or system-generated

• Password triviality check to prevent common words or well-known terms from being

used as passwords

• Type of system-generated passwords

• Null passwords

• User ID of last person to change password, if not the account owner

• Time periods when this account can be used for login

• Identification of terminal or remote hosts associated with the last successful and

unsuccessful logins to this account

• Number of unsuccessful login attempts; cleared upon successful login

• Maximum number of login attempts allowed before account is locked

A.3.2 Password Selection and Generation

On trusted systems, the following password generation options are available:

• User-generated passwords.

A password screening option is available to check for the use of login and group

names, login and group name permutations, and palindromes.

A new password must differ from the old password by at least 3 characters.

• System-generated passwords using a combination of letters only.

• System-generated passwords using a combination of letters, numbers, and punctuation

characters.

• System-generated passwords using pronounceable meaningless syllables.

You can set password generation options for a system. Alternately, you can set password

generation options on a per-user basis, overriding the system default.

You must set at least one password generation option for each user. If more than one

option is available to a user, a password generation menu is displayed when the user

changes the password.

A.3.3 Password Aging

You can enable or disable password aging for each user. When password aging is

enabled, the system maintains the following for the password:

Minimum time The minimum time required between password changes. This

prevents a user from changing the password and then changing

it back immediately to avoid memorizing a new one.

Expiration time A time after which a user must change that password at login.

Warning time The time before expiration when a warning will be issued.

A.3 Managing Trusted Passwords and System Access 195