IBM AIX Security: Customizing Password Minimum Length

Question & Answer

Question

How can I customize the minimum length of a user's password?

Answer

In the /etc/security/user file, you may customize the values for password minimum length. In this file, the parameter that defines the minimum length of a password is 'minlen', whose default value is 0. Changing the value of 'minlen' can be done by running:

# chsec -f /etc/security/user -s default -a "minlen=XXX"

where XXX can be the value of your choice.

Please note the following security information for passwords longer than 8 characters:

/etc/security/login.cfg has a 'pwd_algorithm' option. By default, it is not populated, and it automatically defaults to DES/crypt style password hashing. This method only considers the first 8 characters of a password, and thus is not recommended to be used.

You may specify for the system to employ alternative password hashing methods, such as blowfish, or ssha256, or others (please see /etc/security/pwdalg.cfg file). The blowfish method only supports 72 characters, while other methods will support 255 characters. For example, in login.cfg, you may set 'pwd_algorithm = ssha256' and the system will begin using this more secure hashing method:

# chsec -f /etc/security/login.cfg -s usw -a "pwd_algorithm=ssha256"

These details may be further referenced here: https://www.ibm.com/support/pages/node/960582

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"Component":"","Platform":[{"code":"PF002","label":"AIX"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Tips

IBM AIX Security: Customizing Password Minimum Length

Question & Answer

Question

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?