Even I have the following in my setup. Hope this helps. Prashant. "Intellect distinguishes between the possible and the impossible; reason distinguishes between the sensible and the senseless. Even the possible can be senseless." No way to get around that, that I know of. I agree with Patrick, 2 e. All the best, Victor. Hi again, OK, "strange" recommendations then. Thanks for all the answers.
This is just one of many changes due to feedback from the community. Victor, can you provide me with additional details? Hi, thanks for your answer, Chris. I will leave this thread open, so whoever wants to can give you more feedback about this matter on this site as well. The experts are here. Thanks again to all. Our auditor wants to confirm if the settings are appropriate. Home directory, the user's initial login directory.
Login program path name, executed when the user logs in. The user can change the comment field (fifth field) with the chfn command and the login program path name (seventh field) with the chsh command. The system administrator sets the remaining fields.
The user ID should be unique. For more information, see chfn(1), chsh(1), passwd(1), and passwd(4). The user can change the password in the protected password database with passwd. User authentication profiles are stored in these directories based on the first letter of the user account name.
On trusted systems, key security elements are held in the protected password database, accessible only to superusers. The protected password database contains many authentication entries for the user. See prpwd(4) for more information on these entries, which include the following: Boot authentication to allow specified users to boot the system; see security(4). Password triviality check to prevent common words or well-known terms from being used as passwords.
Identification of terminal or remote hosts associated with the last successful and unsuccessful logins to this account. On trusted systems, the following password generation options are available:
A password screening option is available to check for the use of login and group names, login and group name permutations, and palindromes. System-generated passwords using a combination of letters, numbers, and punctuation characters.
You can set password generation options for a system. Alternately, you can set password generation options on a per-user basis, overriding the system default. You must set at least one password generation option for each user. If more than one option is available to a user, a password generation menu is displayed when the user changes the password.
You can enable or disable password aging for each user. When password aging is enabled, the system maintains the following for the password: The minimum time required between password changes. This prevents a user from changing the password and then changing it back immediately to avoid memorizing a new one. The time at which the account associated with the password is locked if the password is not changed. Once an account is locked, only the system administrator can unlock it.
Once unlocked, the password must still be changed before the user can log into the account. The expiration time and lifetime values are reset when a password is changed. A lifetime of zero specifies no password aging; in this case, the other password aging times have no effect. You can enable the password history feature on a systemwide basis to discourage users from reusing previous passwords. When a user changes the password, the new password is checked against the previous n passwords, starting with the current password.
If the system finds a match, it rejects the new password. An n of 2 prevents users from alternating between two passwords. For more information, see passwd(1) and security(4). On trusted systems, you can specify times-of-day and days-of-week that are allowed for login for each user.
When a user attempts to log in outside the allowed access time, the event is logged (if auditing is enabled for login failures and successes) and the login is terminated.
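The password aging and history rules described above, modelled as an added example; this is not HP-UX code and is not from the original page. The field names, the PBKDF2 hash, and the sample values are assumptions made for illustration, and the administrator's unlock step is not modelled.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

DAY = 86400  # seconds

@dataclass
class Account:
    # Field names are hypothetical; they are not the prpwd(4) field names.
    min_time: int        # minimum time between password changes
    exp_time: int        # password age at which it must be changed
    lifetime: int        # password age at which the account locks; 0 = no aging
    history_depth: int   # n: how many previous passwords are checked
    last_change: int = 0
    history: list = field(default_factory=list)  # (salt, digest), newest first

def _digest(password, salt):
    # PBKDF2 is a stand-in chosen for this example, not the system's own hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def aging_state(acct, now):
    """Classify the password as 'no-aging', 'valid', 'expired' or 'locked'."""
    if acct.lifetime == 0:          # lifetime 0: the other aging times have no effect
        return "no-aging"
    age = now - acct.last_change
    if age >= acct.lifetime:
        return "locked"             # only the administrator can unlock
    if age >= acct.exp_time:
        return "expired"            # password must be changed
    return "valid"

def change_password(acct, new_password, now):
    """Apply the minimum-time and history checks; return (ok, reason)."""
    state = aging_state(acct, now)
    if state == "locked":
        return False, "account locked"
    too_soon = now - acct.last_change < acct.min_time
    if state != "no-aging" and acct.history and too_soon:
        return False, "minimum time not reached"
    # Compare against the previous n passwords, starting with the current one.
    for salt, digest in acct.history[:acct.history_depth]:
        if hmac.compare_digest(_digest(new_password, salt), digest):
            return False, "matches a recent password"
    salt = os.urandom(16)
    acct.history.insert(0, (salt, _digest(new_password, salt)))
    acct.last_change = now          # expiration and lifetime restart from here
    return True, "changed"
```
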
A superuser can log in outside the allowed access time, but the event is logged. The permitted range of access times is stored in the protected password database for users and can be set with HP SMH.
Users that are logged in when a range ends are not logged out. When the list is null for a device, all users are allowed access. A field in the entry lists the users allowed on the device. See devassign(4) and ttys(4). Use the library routines described in the following manpages to access information in the password files and in other trusted system databases:
Remember the password and keep it secret at all times. Report any changes in status and any suspected security violations. Make sure no one is watching when you enter the password. Choose a different password for each machine on which you have an account. Password Files.
In the example, robin Unused password field, held by an asterisk instead of an actual password. Robin Hood,Rm 3,x, Home directory, the user's initial login directory. User name and user ID. Audit ID and audit flag for the user (whether audit is on or not). Password expiration time, after which the password must be changed. Password lifetime, after which the account is locked. Time of last successful and unsuccessful password changes.
Absolute time (date) when the account will expire. Maximum time allowed between logins before the account is locked.
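A check an auditor could run against the password file layout described earlier (seven colon-separated fields, unique user IDs, and on a trusted system an asterisk in the password field). This is an added example, not code from the original page or from HP-UX; the function name and the sample accounts are constructed for illustration.

```python
from collections import defaultdict

FIELDS = ("name", "password", "uid", "gid", "comment", "home", "login_program")

# Constructed sample file; every account and value below is made up.
SAMPLE_PASSWD = """\
root:*:0:3::/:/sbin/sh
alice:*:201:20:Alice Example,Rm 1:/home/alice:/usr/bin/sh
bob:PLACEHOLDERHASH:202:20:Bob Example:/home/bob:/usr/bin/sh
carol:*:201:20:Carol Example:/home/carol:/usr/bin/sh
dave::203:20:Dave Example:/home/dave:/usr/bin/sh
erin:*:204:20:/home/erin:/usr/bin/sh
"""

def audit_passwd(text, trusted=True):
    """Return sorted (line_number, issue, detail) findings for passwd-format text."""
    findings = []
    names_by_uid = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            findings.append((lineno, "field-count", f"{len(parts)} fields, expected 7"))
            continue
        entry = dict(zip(FIELDS, parts))
        if entry["uid"].isdigit():
            names_by_uid[int(entry["uid"])].append((lineno, entry["name"]))
        else:
            findings.append((lineno, "bad-uid", entry["uid"]))
        if entry["password"] == "":
            findings.append((lineno, "empty-password", entry["name"]))
        elif trusted and entry["password"] != "*":
            # On a trusted system the field should hold only an asterisk.
            findings.append((lineno, "password-in-passwd", entry["name"]))
    for uid, users in names_by_uid.items():
        if len(users) > 1:
            shared = ",".join(name for _, name in users)
            for lineno, _ in users[1:]:
                findings.append((lineno, "duplicate-uid", f"{uid} shared by {shared}"))
    return sorted(findings)
```
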