DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Administering user accounts

About password restrictions

Passwords are subject to the following restrictions:

Allowing accounts without passwords

Two parameters located in /etc/default/passwd control the existence of passwords:


PASSREQ
If set to YES, all users must have a password. Any user without a password is asked for one at the first opportunity permitted by the password expiration set for that user. (That is, users without passwords cannot change their NULL passwords if password aging is enabled for them and the minimum time before a password can be changed has not elapsed.)

MANDPASS
When set to YES, this keyword makes passwords mandatory for all logins (overriding PASSREQ).
Accounts without passwords are a major security risk.


WARNING: Removing the requirement for passwords does not delete existing passwords. The administrator must change each password as described in ``Setting or changing a user password'' using the Remove Password button or the passwd(1) command.

Disallowing password changes

To stop a user from changing their password, use this command:

passwd -n 2 -x 1 login_name

This sets the password lifetime to less than the number of days permitted between changes, thus preventing changes from being made.

Setting password length

Password length is controlled by the PASSLENGTH parameter. This can be set using the System Defaults Manager or the defadm(1M) command:

defadm passwd PASSLENGTH=value

The maximum length is 80 characters.


Next topic: Setting passwords for dial-in lines
Previous topic: Controlling password selection

© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004