Friday 31 August 2012

AIX New Password Restrictions


Recent versions of AIX have added new password restrictions.

New AIX Password Restrictions

As system administrators are asking for more restrictions on user account passwords, AIX has added new features to accommodate them.

Starting in AIX 7.1 (7100-00-00), AIX 6.1 TL 6 (6100-06-00), and VIOS 2.2 the following new password features have been added.

Disallow User Name In Password
If the existing attribute “dictionlist” is used in /etc/security/user to reject new passwords that match words in a dictionary, the string $USER can be inserted into the dictionary file. After this, a user changing their password will not be allowed to include any form of their user name in the password, whether in upper case, lower case, or mixed case.


For example user “root” could not use these passwords:
123root
rootabc
RooTabc

The typical dictionary on AIX is /usr/share/dict/words, which is included in the fileset “bos.data”. This fileset is not usually installed but can be added after the OS is installed.

Disallow A Pattern In The Password
Again using the existing dictionlist attribute, a pattern consisting of a regular expression can be added to the dictionary file, and any password matching it is then rejected. A pattern is distinguished from a plain dictionary word by using the asterisk * as its first character.

For example, the pattern *123 in the dictionary file will disallow any password containing the string “123” anywhere in it.

New Password Parameters
New parameters have been added to the /etc/security/user file to let administrators tune more finely which passwords users may choose.

minloweralpha
Defines the minimum number of lower case alphabetic characters in a new password.
Default: 0 (no minimum)
Range: 0 to 8

minupperalpha
Defines the minimum number of upper case alphabetic characters in a new password.
Default: 0 (no minimum)
Range: 0 to 8

mindigit
Defines the minimum number of digits in a new password.
Default: 0 (no minimum)
Range: 0 to 8

minspecialchar
Defines the minimum number of special characters in a new password.
Default: 0 (no minimum)
Range: 0 to 8
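As an added illustration, not AIX's own code (the real checks live in the system password library), the following Python re-implements the rules described in the dictionlist sections and the new-parameter section above, so an administrator can see how a candidate password would fare against them. The dictionary contents, the policy values, whole-password matching of plain dictionary entries, and counting any non-alphanumeric character as "special" are assumptions made for this example.

```python
import re

# Constructed dictionary file (the file dictionlist points at): plain words,
# the $USER marker, and a *pattern entry (regular expression after the '*').
DICTIONARY = """\
password
welcome
$USER
*123
"""

# Constructed values for the new /etc/security/user attributes of one stanza.
POLICY = {"minloweralpha": 1, "minupperalpha": 1, "mindigit": 1, "minspecialchar": 1}


def load_dictionary(text):
    """Split dictionary text into plain words and compiled *patterns."""
    words, patterns = [], []
    for entry in text.split():  # one entry per line; blank lines are skipped
        if entry.startswith("*"):
            patterns.append(re.compile(entry[1:]))  # '*' marks a regex, not a word
        else:
            words.append(entry)
    return words, patterns


def check_password(user, password, dictionary_text=DICTIONARY, policy=POLICY):
    """Return the list of rules the candidate password violates (empty = acceptable)."""
    words, patterns = load_dictionary(dictionary_text)
    violations = []
    for word in words:
        if word == "$USER":
            if user.lower() in password.lower():  # any mix of case, anywhere
                violations.append("contains user name")
        elif word.lower() == password.lower():
            # Assumption: a plain dictionary word is rejected on a whole-password match.
            violations.append("dictionary word: " + word)
    for pat in patterns:
        if pat.search(password):  # pattern may match anywhere in the password
            violations.append("matches pattern: *" + pat.pattern)
    counts = {
        "minloweralpha": sum(c.islower() for c in password),
        "minupperalpha": sum(c.isupper() for c in password),
        "mindigit": sum(c.isdigit() for c in password),
        "minspecialchar": sum(not c.isalnum() for c in password),  # assumption: non-alphanumeric
    }
    for attr, minimum in policy.items():
        if counts[attr] < minimum:
            violations.append("%s=%d not met" % (attr, minimum))
    return violations
```

Running check_password("root", "123root") reports both the user-name rule and the *123 pattern, which is exactly the combination the examples above reject.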

