security - security defaults configuration file
A number of system commands and features are configured based on
certain parameters defined in the /etc/default/security configuration
file. This file must be world readable and root writable.
Each line in the file is treated either as a comment or as
configuration information for a given system command or feature.
Comments are denoted by a # at the beginning of a line. Noncomment
lines are of the form parameter=value.
If any parameter is not defined or is commented out in this file, the
default behavior detailed below will apply.
Parameter definitions, valid values, and defaults are defined as
ABORT_LOGIN_ON_MISSING_HOMEDIR
This parameter controls login behavior if a user's home
directory does not exist. This is applicable only for
ABORT_LOGIN_ON_MISSING_HOMEDIR=0 Login with '/' as
the home directory if the user's home directory does
ABORT_LOGIN_ON_MISSING_HOMEDIR=1 Exit the login
session if the user's home directory does not exist.
Default value: ABORT_LOGIN_ON_MISSING_HOMEDIR=0
MIN_PASSWORD_LENGTH
This parameter controls the minimum length of new
passwords. It is not applicable to the root user on a
MIN_PASSWORD_LENGTH=N New passwords must contain at
least N characters. For untrusted systems N can be any
value from 6 to 8. For trusted systems N can be any
value from 6 to 80.
Default value: MIN_PASSWORD_LENGTH=6
NOLOGIN This parameter controls whether non-root login can be
disabled by the /etc/nologin file.
NOLOGIN=0 Ignore the /etc/nologin file and do not
exit if the /etc/nologin file exists.
Hewlett-Packard Company - 1 - HP-UX Release 11i: November 2000
NOLOGIN=1 Display the contents of the /etc/nologin
file and exit if the /etc/nologin file exists.
Default value: NOLOGIN=0
NUMBER_OF_LOGINS_ALLOWED
This parameter controls the number of logins allowed
per user. This is applicable only for non-root users.
NUMBER_OF_LOGINS_ALLOWED=0 Any number of logins are
allowed per user.
NUMBER_OF_LOGINS_ALLOWED=N N number of logins are
allowed per user.
Default value: NUMBER_OF_LOGINS_ALLOWED=0
PASSWORD_HISTORY_DEPTH
This parameter controls the password history depth. A
new password is checked only against the number of most
recently used passwords stored in password history for
a particular user. A user is not allowed to re-use a
previously used password.
PASSWORD_HISTORY_DEPTH=N A new password is checked
against only the N most recently used passwords for a
A configuration of password history depth of 2 prevents
users from alternating between two passwords. The
maximum password history depth supported is 10 and the
minimum password history depth supported is 1. A depth
configuration of more than 10 will be treated as 10,
and a depth configuration of less than 1 will be
treated as 1.
The password history depth is configured on a system
basis and is supported on trusted systems for users in
the files repository only. This feature does not support
users in the NIS or NISPLUS repositories. Once the
feature is enabled, all the users on the system are
subject to the same check. If this parameter is not
configured, the password history check feature is
automatically disabled. When the feature is disabled,
the password history check depth is set to 1.
A password change is subject to all of the other rules
for a new password including a check with the current
Default value: PASSWORD_HISTORY_DEPTH=1
SU_ROOT_GROUP
This parameter defines the root group name for the su
command. Refer to su(1).
SU_ROOT_GROUP=group_name The root group name is set to
the specified symbolic group name. The su command
enforces the restriction that a non-superuser must be a
member of the specified root group in order to be
allowed to su to root. This does not alter password
Default value: If this parameter is not defined or if
it is commented out, there is no default value. In
this case, a non-superuser is allowed to su to root
without being bound by root group restrictions.
This parameter defines a new default PATH environment
value to be set when su is done. Refer to su(1).
The PATH environment variable is set to new_PATH when
the su command is invoked. Other environment values are
not changed. The path value is not validated. This is
applicable only when the "-" option is not used along
with su command.
Default value: PATH is not changed.
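
Added example, not part of the HP-UX manual page: a Python sketch that parses text in the parameter=value format described above and resolves the effective value of each parameter named on this page, applying the stated defaults, the PASSWORD_HISTORY_DEPTH limits of 1 and 10, and the MIN_PASSWORD_LENGTH ranges. Assumptions: surrounding whitespace is ignored, the last duplicate wins, a non-numeric value is reported with the default shown, the group name in the sample is constructed, and mode_ok() reads "world readable and root writable" as owner root with owner-write and other-read bits.

```python
import stat

# Defaults as stated on this page; None means "no default value".
DEFAULTS = {
    "ABORT_LOGIN_ON_MISSING_HOMEDIR": 0, "MIN_PASSWORD_LENGTH": 6, "NOLOGIN": 0,
    "NUMBER_OF_LOGINS_ALLOWED": 0, "PASSWORD_HISTORY_DEPTH": 1, "SU_ROOT_GROUP": None,
}

# Constructed sample input, not taken from a real system.
SAMPLE = """\
MIN_PASSWORD_LENGTH=8
#NOLOGIN=1
PASSWORD_HISTORY_DEPTH=25
SU_ROOT_GROUP=wheel
"""

def parse(text):
    """Collect parameter=value pairs, skipping lines that begin with '#'."""
    found = {}
    for line in text.splitlines():
        line = line.strip()  # assumption: surrounding whitespace is ignored
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            found[name.strip()] = value.strip()  # assumption: last duplicate wins
    return found

def effective(text, trusted=False):
    """Return (settings, notes) after applying the page's defaults and ranges."""
    settings, notes = dict(DEFAULTS), []
    for name, value in parse(text).items():
        if name == "SU_ROOT_GROUP" or name not in DEFAULTS:
            settings[name] = value or None
        elif value.isdigit():
            settings[name] = int(value)
        else:  # assumption: report it and show the page default
            notes.append(f"{name}={value} is not a non-negative integer")
    depth = settings["PASSWORD_HISTORY_DEPTH"]
    settings["PASSWORD_HISTORY_DEPTH"] = min(10, max(1, depth))
    if settings["PASSWORD_HISTORY_DEPTH"] != depth:
        notes.append(f"PASSWORD_HISTORY_DEPTH={depth} treated as {settings['PASSWORD_HISTORY_DEPTH']}")
    if not 6 <= settings["MIN_PASSWORD_LENGTH"] <= (80 if trusted else 8):
        notes.append("MIN_PASSWORD_LENGTH outside the documented range")
    if settings["SU_ROOT_GROUP"] is None:
        notes.append("SU_ROOT_GROUP unset: su to root not bound by group")
    return settings, notes

def mode_ok(st_mode, st_uid):
    """Assumed reading of 'world readable and root writable': owner root, u+w, o+r."""
    return st_uid == 0 and bool(st_mode & stat.S_IWUSR) and bool(st_mode & stat.S_IROTH)
```

On a live system, mode_ok() would be fed the st_mode and st_uid fields of os.stat("/etc/default/security").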
security was developed by HP.
init(1M), login(1), passwd(1), su(1).