Topic
  • 4 replies
  • Latest Post - ‏2009-09-03T06:37:54Z by SystemAdmin
help4u
help4u
10 Posts

Pinned topic password policy

‏2009-08-28T12:04:32Z |
Hai,

Can you pl tell how to set miniumum uppercase and lowercase in password policy.
Updated on 2009-09-03T06:37:54Z at 2009-09-03T06:37:54Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    6902 Posts

    Re: password policy

    ‏2009-08-31T03:08:33Z  
    On AIX, you can do additional testing for inadequate passwords using the pwdchecks sentence for the default user in /etc/security/user;
    e.g.

    pwdchecks = /etc/security/pwdrestrict

    You will have to write your own password checking program, but this isn't too difficult.
  • Casey_B
    Casey_B
    36 Posts

    Re: password policy

    ‏2009-08-31T14:01:32Z  
    On AIX, you can do additional testing for inadequate passwords using the pwdchecks sentence for the default user in /etc/security/user;
    e.g.

    pwdchecks = /etc/security/pwdrestrict

    You will have to write your own password checking program, but this isn't too difficult.
    Although you can't check for specifically uppercase and lowercase, in the same file /etc/security/user,
    you can set checks for minalpha, minother, minlen.

    That might be a good interim solution until you finish a more permanent solution.

    Hope this helps

    Casey
  • help4u
    help4u
    10 Posts

    Re: password policy

    ‏2009-09-01T05:30:07Z  
    • Casey_B
    • ‏2009-08-31T14:01:32Z
    Although you can't check for specifically uppercase and lowercase, in the same file /etc/security/user,
    you can set checks for minalpha, minother, minlen.

    That might be a good interim solution until you finish a more permanent solution.

    Hope this helps

    Casey
    Hai George,

    I appreciate your reply, pl provide the password program for reference.

    I am not strang in script and program.
  • SystemAdmin
    SystemAdmin
    6902 Posts

    Re: password policy

    ‏2009-09-03T06:37:54Z  
    • help4u
    • ‏2009-09-01T05:30:07Z
    Hai George,

    I appreciate your reply, pl provide the password program for reference.

    I am not strang in script and program.
    Hi,

    The enclosed pwdrestrict.c checks that:

    1. login is not same as password;
    2. password is not same as previous password;
    3. password contains at least one lower-case, upper-case, and digit character.

    We don't actually use the third check; added for you. You can further modify the requirements to suit your site. Compile details are in the comments.

    You can store the pwdrestrict executable in /usr/lib and change the default user to:
    pwdchecks = pwdrestrict
    or store it in /etc/security and change the default user to:
    pwdchecks = /etc/security/pwdrestrict

    Regards,

    George