AIX Security Expert Password Policy Rules group
AIX® Security Expert provides specific rules for password policy.
Strong password policies are one of the building blocks for achieving system security. Password policies ensure that passwords are difficult to guess (passwords have a proper mix of alphanumeric characters, digits, and special characters), expire regularly, and are not reusable after expiration. The following table lists the password policy rules for each security setting.
| Action button name | Definition | Value set by AIX Security Expert | Undo |
|---|---|---|---|
| Minimum number of characters | Sets appropriate value to mindiff attribute of /etc/security/user, which specifies the minimum number of characters required in a new password that were not in the old password. |
|
Yes |
| Minimum age for password | Sets appropriate value to minage attribute of /etc/security/user, which specifies the minimum number of weeks before a password can be changed. |
|
Yes |
| Maximum age for password | Sets appropriate value to maxage attribute of /etc/security/user, which specifies the maximum number of weeks before a password can be changed. |
|
Yes |
| Minimum length for password | Sets appropriate value to minlen attribute of /etc/security/user, which specifies the minimum length of a password. |
|
Yes |
| Minimum number of alphabetic characters | Sets appropriate value to minalpha attribute of /etc/security/user, which specifies the minimum number of alphabetic characters in a password. |
|
Yes |
| Password reset time | Sets appropriate value to histexpire attribute of /etc/security/user, which specifies the number of weeks before a password can be reset. |
You can assign integer value between 0 and 260 to the histexpire attribute. You can assign the value of 26 to the histexpire attribute and user will not be able to reuse a password for 6 months. |
Yes |
| Maximum times a char can appear in a password | Sets appropriate value to maxrepeats attribute of /etc/security/user, which specifies the maximum number of times a character can appear in a password. |
|
Yes |
| Password reuse time | Sets appropriate value to histsize attribute of /etc/security/user, which specifies the number of previous passwords that a user cannot reuse. |
|
Yes |
| Time to change password after the expiration | Sets appropriate value to maxexpired attribute of /etc/security/user, which specifies the maximum number of weeks after maxage that an expired password can be changed by the user. |
|
Yes |
| Minimum number of non-alphabetic characters | Sets appropriate value to minother attribute of /etc/security/user, which specifies the minimum of non-alphabetic characters in a password. |
|
Yes |
| Password expiration warning time | Sets appropriate value to pwdwarntime attribute of /etc/security/user, which specifies the number of days before the system issues a warning that a password change is required. |
|
Yes |