About password restrictions
Passwords are subject to the following restrictions:
-
Each password must have at least PASSLENGTH
characters as defined in /etc/default/passwd.
PASSLENGTH must be at least 3.
-
Each password must contain at least two alphabetic
characters and at least one numeric or special
character. (In this case, alphabetic includes all
uppercase and lowercase letters.)
-
Each password must differ from the user's login name and
any reverse or circular shift of that login name.
(Corresponding uppercase and lowercase letters are
considered equivalent.)
-
A new password must differ from the old one by at least
three characters.
Allowing accounts without passwords
Two parameters located in /etc/default/passwd
control the existence of passwords:
PASSREQ-
If set to YES, all users must have a password.
Any user without a password is asked for one
at the first opportunity permitted by
the password expiration set for that user.
(That is, users without passwords
cannot change their NULL passwords
if password aging is enabled for them
and the minimum time before a password can be changed
has not elapsed.)
MANDPASS-
When set to YES, this keyword
makes passwords mandatory for all logins
(overriding PASSREQ).
Accounts without passwords are a major security risk.
WARNING:
Removing the requirement for passwords does not delete
existing passwords. The administrator must change each
password as described in
``Setting or changing a user password''
using the Remove Password button
or the
passwd(1)
command.
Disallowing password changes
To stop a user from changing their password, use this command:
passwd -n 2 -x 1 login_name
This sets the password lifetime to less than the number of days
permitted between changes, thus preventing changes from being made.
Setting password length
Password length is controlled by the PASSLENGTH
parameter. This can be set using the
System Defaults Manager
or the
defadm(1M)
command:
defadm passwd PASSLENGTH=value
The maximum length is 80 characters.
Next topic:
Setting passwords for dial-in lines
Previous topic:
Controlling password selection
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004