Administrator's Guide
• Usage of the userdbset command can be restricted based on a user’s
authorizations. See userdbset(1M) for more information.
• The userstat command displays the account status of local users. It checks the
status of local user accounts and reports abnormal conditions, such as account locks.
See userstat(1M) for more information.
3.2 Security Attributes and the User Database
Previously, in standard mode, all HP-UX security attributes and password policy restrictions
were set on a systemwide basis. The introduction of the user database enables you to
set security attributes on a per-user basis, which override systemwide defaults.
3.2.1 System Security Attributes
A security attribute defines how to control security configurations, such as passwords,
logins, and auditing. The security attributes description file, /etc/security.dsc, lists
the attributes that can be defined either in /etc/default/security, in the user
database in /var/adm/userdb, or in both files. Some attributes are configurable and
some are internal.
CAUTION: Do not modify the /etc/security.dsc file in any way.
When a user logs in, the system checks for applicable security attributes in the following
order:
1. The system examines per-user attributes in the following locations:
• /var/adm/userdb
• /etc/passwd
• /etc/shadow
NOTE: For each per-use attribute, a value is stored in one of the three files
above. Refer to security(4) to see which attributes are stored in each file.
2. If there is no per-user value, then the system examines the configured systemwide
attributes in /etc/default/security.
3. If there are no configured systemwide attributes, then the system uses the default
attributes in /etc/security.dsc.
3.2.2 Configuring Systemwide Attributes
To configure systemwide attributes, follow these steps:
1. Plan your configuration using available resources. Refer to security(4) for information
about configuring systemwide attributes.
62 HP-UX Standard Mode Security Extensions