Security Management Guide (G06.24+, H06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

121

122

123

124

125

126

127

128

129

130

Concerns for the System Administration Team

Security Management Guide—522283-008

7-8

Password Reuse

This command requires that a password be at least 36 characters long the next time a

user changes the password. Use of this command is restricted to super-group

members (or to members of the SECURITY-ADMINISTRATOR security group if that

security group is defined). If the command is restricted, ask an authorized user to issue

the command.

The attribute PASSWORD-MAXIMUM-LENGTH specifies the maximum acceptable

length of a password. The initial value is eight and the maximum value is 64.

Password Reuse

A Safeguard configuration attribute can be used to limit the reuse of passwords by all

users. For example:

3> SAFECOM ALTER SAFEGUARD, PASSWORD-HISTORY 12

This command requires that when a user changes a password, the new password

must differ from the previous twelve passwords used by that user.

Initial Password

Do not derive initial passwords from the user name or user ID because an inside

intruder might log on to a user ID that has been created but not yet assigned.

The initial password should be used only to enable the user to log on for the first time.

Immediately thereafter, the user should change the password to something secret and

easy to remember. For information on how a user changes a password, see Changing

Your Password on page 5-2.

Setting the Initial Password Through the PASSWORD

Command

The ADDUSER utility creates a blank initial password. To establish an initial password,

log on as the user and then use the PASSWORD command.

Setting the Initial Password Through SAFECOM

The SAFECOM ADD USER command allows you to add a user ID and set an initial

password. You might not have authority to add users. Normally only group managers

and the super ID can add users. However, if you are a member of the super group, the

security staff might ask you to create an OBJECTTYPE USER authorization record.

This record determines who can add users (and thereby set the initial password). For

more information about OBJECTTYPE USER authorization records, see Adding Users

on page 3-3.

The following SAFECOM command adds the user CLERK.ROBIN as user ID 102,11

with qw3rt6 as the initial password:

=ADD USER CLERK.ROBIN, 102,11, PASSWORD qw3rt6