I am trying to establish password syntax requirements on a GS140 server, 8
EV6 processors, 8GB of memory, 3TB of disk space, running Tru64 version 4.0F
Patch Kit 3. I have upgraded the system security from BASE to C2 Enhanced
and now I need to do the following:
Many thanks for the quick replies from:
Ray Wolfers, William H. Magill, Nikola Milutinovic and Carl Gaines
Ray wrote:
You can customize the C2 password checking program to implement any password
policy you want.
The security template stored in /etc/auth/system/default has a field
d_pw_site_callout that defines the hook for password checking, which by
default is /tcb/bin/pwpolicy. This is an executable script that gets run
every time a C2 password is changed. Have a look at it.
All you need to do is replace /tcb/bin/pwpolicy with your own script. We use
a perl script to implement our password policy. If you have only one machine
with C2 this is easy. If you have many machines that need the same password
policy, then you will have to manually duplicate that file (rdist is good
for this).
William wrote:
To get unique password vetting, you basically have to write your own...
Change "d_pw_site_callout" in default to point to your code...
/usr/tcb/bin/edauth -g -dd default
See things like:
man sia_validate_user
The Security manual.
Nikola wrote:
All of what you need can be accomplished via an external program, which
can be registered (I'm not sure how, I've never done it) with C2sec
modules, so that they invoke that program on each attempted password
change. Our manuals are not handy, at the moment.
Carl wrote:
I've written a C program called site_policy.c that can be modified
to do exactly what you want. It works within the enhanced security system.
The current version makes sure you have one alpha character and one
numeric character and the password and userid cannot be the same.
----- End of responses -----
I will be working with Carl Gaines to get his C program modified and
implemented.
Many Thanks To all that replied,
Dennis Peacock
Acxiom Corporation
----- original message below -----
The new password requirements are:
a. the password cannot contain more than (2) consecutive repeating
characters
b. Must contain at least (1) alphabetic character
c. must contain at least (1) character not found in the previous password
d. must contain at least (1) non-alphabetic character
My problem is that I can NOT find how to set these under Tru64. Here are
the settings like "minlen", minimum length, that were provided as a result of
the security audit with what setting to set:
a. (maxrepeats)
b. (minalpha)
c. (mindiff)
d. (minother)
I was able to set "minlen" as it is found in the Tru64 Security manual.
Any suggestions and assistance would be greatly appreciated.
Received on Mon Nov 06 2000 - 02:59:41 NZDT
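The four audit requirements (a) to (d), plus the userid check Carl mentions, as an added C example. This is not Carl's site_policy.c or the stock /tcb/bin/pwpolicy; the function name, result codes and sample values are hypothetical, and because the thread does not show how the d_pw_site_callout program receives the user name and passwords, they are taken here as plain arguments.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes; not taken from Tru64 or site_policy.c. */
enum pw_result { PW_OK, PW_REPEATS, PW_NO_ALPHA, PW_NO_OTHER, PW_NO_DIFF, PW_IS_USER };

#define MAXREPEATS 2  /* a. longest allowed run of one repeated character */
#define MINALPHA   1  /* b. alphabetic characters required */
#define MINDIFF    1  /* c. distinct characters absent from the old password */
#define MINOTHER   1  /* d. non-alphabetic characters required */

enum pw_result check_password(const char *user, const char *oldpw, const char *newpw)
{
    const unsigned char *start = (const unsigned char *)newpw, *p;
    unsigned char seen[256] = {0};
    size_t alpha = 0, other = 0, diff = 0, run = 0;

    if (strcmp(user, newpw) == 0)          /* password must not equal userid */
        return PW_IS_USER;
    for (p = (const unsigned char *)oldpw; *p; p++)
        seen[*p] = 1;                      /* characters used by the old password */

    for (p = start; *p; p++) {
        run = (p > start && p[-1] == *p) ? run + 1 : 1;
        if (run > MAXREPEATS)              /* "aa" passes, "aaa" fails */
            return PW_REPEATS;
        if (isalpha(*p)) alpha++; else other++;
        if (!seen[*p]) { diff++; seen[*p] = 1; }  /* count each new character once */
    }
    if (alpha < MINALPHA) return PW_NO_ALPHA;
    if (other < MINOTHER) return PW_NO_OTHER;
    if (diff < MINDIFF)   return PW_NO_DIFF;
    return PW_OK;
}

int main(void)
{
    /* Constructed sample values, for illustration only. */
    const char *tries[] = { "aaab2", "12345", "abcdef", "1cba", "dennis", "aab2" };
    size_t i;
    for (i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("%-8s -> %d\n", tries[i], check_password("dennis", "abc1", tries[i]));
    return 0;
}
```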