Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
Configuration
Safeguard Administrator’s Manual—523317-013
9-6
Configuring Password Control
PASSWORD-HISTORY
Records a specified number of previously used passwords for each user and does
not allow a user to change his or her password to any password in this history. You
can specify a history of 0 to 60 passwords. (If you specify a history of more than 20
passwords, you must convert the USERID files as described in Section 10,
Installation and Management.) Values of 0 and 1 allow the user to reuse any
password, even if used recently. The initial value is 0.
PASSWORD-MAXIMUM-LENGTH
Specifies the maximum acceptable length of a password. The initial value is eight
and the maximum value is 64.
PASSWORD-MINIMUM-LENGTH
Specifies the minimum acceptable length of a password. A value of 0 indicates that
null passwords can be accepted. The initial value is 0.
PASSWORD-REQUIRED
Requires the use of a password by all users when logging on as another user. This
includes logon attempts by the local super ID and group managers. The initial
value is OFF.
PASSWORD-MAY-CHANGE
Specifies the number of days prior to expiration that a user can change a
password. (Expiration is determined by the PASSWORD-MUST-CHANGE attribute
in the user authentication record.) A value of 0 allows the password to be changed
at any time. The default is 0.
If the PASSWORD-MAY-CHANGE period is greater than the PASSWORD-MUST-
CHANGE period in a user authentication record, that user’s password can be
changed at any time
1
PASSWORD-UPPERCASE-REQUIRED {ON / OFF}
Specifies whether a user's password will be enforced to have at least one
uppercase character. The initial value is OFF.
Note. This attribute is supported only on systems running H06.08 and later H-series RVUs.
Note. The default value is six only on systems running G06.29 and later G-series RVUs and
H06.06 and later H-series RVUs.
Note. Setting PASSWORD-MAY-CHANGE for the super ID has no impact.
1. Supported only on systems running H06.09 and later H-series RVUs.