Administrator's Guide

2.4 Managing Passwords
The password is the most important individual user identification symbol. With it, the
system authenticates a user to allow access to the system. Because they are vulnerable
to compromise when used, stored, or known, passwords must be kept secret at all times.
The following sections discuss passwords in more detail.
2.4.1 System Administrator Responsibilities
The system administrator and every user on the system must share responsibility for
password security. System administrators perform the following security tasks:
- Ensure that all users have passwords.
- Maintain proper permissions on all system files, including the standard password and group files, /etc/passwd and /etc/group.
- Delete or nullify user IDs and passwords of users no longer eligible to access the system.
- Verify that all application passwords are encrypted.
- Verify that permissions on /var/adm/btmp and /var/adm/wtmp are set appropriately.
- Implement one-time passwords for single guest access.
- Inform users of their responsibilities regarding password security.
- Use password aging to force users to change their passwords regularly.
- Prevent reuse of recent passwords.
- Configure systemwide security attributes in the /etc/default/security file. See Section 2.5 and refer to security(4) for more information.
- Convert the system to use shadow passwords. See Section 2.4.5 and refer to shadow(4) and pwconv(1M) for more information.
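Several of the tasks above (every account has a password, the password and group files and the btmp/wtmp accounting files carry proper permissions, accounts have been converted to shadow passwords) can be checked with a short audit script. The following POSIX shell script is an added example and is not part of the Administrator's Guide: it reads a passwd-format file, reports accounts whose password field is empty, counts accounts whose field is "x" (hash moved to the shadow file by pwconv), and compares a file's mode string with an expected one. The sample passwd lines, the temporary directory, the placeholder hash and the expected modes (644 for the passwd file, 600 for btmp) are all constructed assumptions for this example, not values taken from the guide.

```shell
#!/bin/sh
# Added example (not from the HP-UX Administrator's Guide): audit a passwd-format
# file and check file modes. All sample data and paths below are constructed.

# Print login names whose password field (field 2) is empty, one per line.
# Usage: empty_password_accounts /etc/passwd
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Count accounts whose password field is "x", i.e. whose hash lives in the
# shadow file rather than in the passwd file (see shadow(4), pwconv(1M)).
shadowed_account_count() {
    awk -F: '$2 == "x" { n++ } END { print n + 0 }' "$1"
}

# Return 0 when the file's mode string (first 10 characters of ls -l output,
# which ignores any trailing ACL/SELinux marker) equals the expected string.
# Usage: check_mode /var/adm/btmp -rw-------
check_mode() {
    actual=$(ls -ld "$1" | cut -c1-10)
    [ "$actual" = "$2" ]
}

# Report on one passwd file; returns 0 only when no account lacks a password.
audit_passwd_file() {
    file="$1"
    status=0
    for user in $(empty_password_accounts "$file"); do
        echo "WARNING: account '$user' in $file has no password"
        status=1
    done
    echo "accounts in $file using the shadow file: $(shadowed_account_count "$file")"
    return $status
}

# --- Constructed sample data (assumption: a scratch directory stands in for /etc and /var/adm) ---
SAMPLE_DIR=$(mktemp -d 2>/dev/null || echo "/tmp/pwaudit.$$")
mkdir -p "$SAMPLE_DIR"
trap 'rm -rf "$SAMPLE_DIR"' EXIT

SAMPLE_PASSWD="$SAMPLE_DIR/passwd"
# EXAMPLEHASH01 is a placeholder, not a real crypt(3) hash.
printf '%s\n' \
    'root:x:0:3::/:/sbin/sh' \
    'daemon:*:1:5::/:/sbin/sh' \
    'guest::200:20:Temporary guest:/home/guest:/usr/bin/sh' \
    'alice:x:201:20:Alice:/home/alice:/usr/bin/sh' \
    'bob:EXAMPLEHASH01:202:20:Hash still in passwd file:/home/bob:/usr/bin/sh' \
    > "$SAMPLE_PASSWD"
chmod 644 "$SAMPLE_PASSWD"

# Stand-ins for the login accounting files; expected modes are this example's assumption.
: > "$SAMPLE_DIR/btmp"; chmod 600 "$SAMPLE_DIR/btmp"
: > "$SAMPLE_DIR/wtmp"; chmod 644 "$SAMPLE_DIR/wtmp"

# --- Run the audit against the constructed files ---
audit_passwd_file "$SAMPLE_PASSWD" || echo "audit found problems in $SAMPLE_PASSWD"
for entry in "$SAMPLE_PASSWD -rw-r--r--" "$SAMPLE_DIR/btmp -rw-------" "$SAMPLE_DIR/wtmp -rw-r--r--"; do
    set -- $entry
    if check_mode "$1" "$2"; then
        echo "OK:      $1 has mode $2"
    else
        echo "WARNING: $1 does not have mode $2"
    fi
done
```

Run against a real system by pointing `audit_passwd_file` at /etc/passwd and `check_mode` at /etc/passwd, /etc/group, /var/adm/btmp and /var/adm/wtmp with the modes your site standard requires. An account whose field holds "*" (daemon above) is counted as neither empty nor shadowed: it has no usable password and is not a finding.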
2.4.2 User Responsibilities
Every user must observe the following rules:
- Remember the password and keep it secret at all times.
- Change the initial password immediately and continue to change it.
- Report any changes in status and any suspected security violations.
- Make sure no one is watching a password being entered.
2.4 Managing Passwords 41