Hi again !
Here's my very own solution, aided by the inspiring and informative
directions from
the following treasure-trove:
http://www.zdv.uni-mainz.de/extern/DU_5.0/HTML/ARH8WATE/BSSYSTMX.HTM
Quotation:
(...)
5.3.6.1 Shadow Password Mode Requires 8 Character Passwords
When you configure Enhanced security in Shadow Password mode, the default
settings restrict a user changing his password to a password of exactly 8
characters. Attempts to enter passwords of different sizes produce the error
the following error message:
Password must be from 8 to 8 characters long
You can change this by setting the system default settings in the
/etc/auth/system/default file, using the edauth utility. The u_newcrypt
field defines the cryptographic algorithm used on password changes. The
default setting of 2 causes the maximum password length to be restricted to
8 characters, which is the maximum that the BSD cryptographic algorithm can
accept. Changing the u_newcrypt field to 0 invokes the bigcrypt algorithm
which allows the value of the u_maxchosen field to determine the maximum
password length.
The 8 character minimum occurs because the u_minchosen field defaults to
zero. Zero specifies to compute a minimum according to Green Book rules. The
computed minimum is 9. The minimum is therefore set to 8 because it would
exceed the maximum of 8 characters for the algorithm. You can easily change
this behavior by setting the u_minchosen field to a value other than zero.
Note that these defaults will change in a future release of Tru64 UNIX.
(...)
# vi /etc/auth/system/default
Make these changes (or other):
:u_minlen#4:
:u_maxlen#80:
:u_newcrypt#0:
Optional:
# edauth root
Adapt the settings if necessary.
Also try the GUI:
# /usr/bin/X11/dxaccounts &
The rest of my questions are still up for grabs ...
By the way:
-----------
You really SHOULD install the special GOOGLE-bar from the
www.google.com Search Enginge. Search for "xyz" and find the installation
link
(if you're lucky) near the bottom line of the HTML-page (only for Internet
Explorer 5.x).
The tool allows you to easily search an entire site for keywords. A very
good tool indeed.
So long !
URS
-----Original Message-----
From: Urs.Gasser_at_BIT.admin.ch [mailto:Urs.Gasser_at_BIT.admin.ch]
Sent: Dienstag, 6. März 2001 11:02
To: tru64-unix-managers_at_ornl.gov
Subject: C2 Security -- implementing root password of 8 to 80 characters
u nder DU V 5.0
Hi everybody !
(1)
I am trying to implement a root password of 8 to 80 characters under DU V
5.0
(user-chosen passwords).
I have used the graphical tool "/usr/bin/X11/dxaccounts" to
set the password restrictions to 4 to 8 characters and that's the most I can
manage.
If I set the "Maximum Chosen Length" of the root password to 80 characters
(in the GUI),
this is just ignored by the "passwd" command on the command line.
Something simply overrides the new settings. How can this be changed?
Changing the "/etc/auth/system/default" manually doesn't help either.
(2)
And I'd also like to know how I can switch off the awkward options prompt
for "passwd" that
I've inadvertently switched on (how did I switch it on in the first place
?):
"
# passwd root
Last successful password change for root: Mon Mar 5 17:44:02 MET 2001
Last unsuccessful password change for root: Tue Mar 6 09:09:28 MET 2001
Do you want (choose one option only):
1 Pronounceable passwords generated for you
2 A string of characters generated for you
3 A string of letters generated for you
4 To pick your password
Select ONE item by number:
"
(3)
Third question:
----------------
How can the shadowed passwords be efficiently managed on the command line
(e.g. with scripts),
without the GUI ?
Which files are involved in connection with password settings and
restrictions
under C2 Security and DU V 5.x ?
Thank you very much for helping.
URS
mailto:urs.gasser_at_bit.admin.ch
----------------------------------------------------------------------------
----
Urs Gasser
Betriebszentrum Bereitstellung UNIX BZBX
Bundesamt fuer Informatik und Telekommunikation BIT
----------------------------------------------------------------------------
----
Post Monbijoustrasse 74, CH-3003 Bern
Telefon +41-31-322 26 39
Telefax +41-31-325 90 30
Internet urs.gasser_at_bit.admin.ch
X.400 G=urs; S=gasser; O=bit; A=admin; C=ch
----------------------------------------------------------------------------
----
Received on Tue Mar 06 2001 - 16:13:21 NZDT