 security(4)							 security(4)




 NAME
      security - security defaults configuration file

 DESCRIPTION
      A number of system commands and features are configured based on
      certain parameters defined in the /etc/default/security configuration
      file.  This file must be world readable and root writable.

      Each line in the file is treated either as a comment or as
      configuration information for a given system command or feature.
      Comments are denoted by a # at the beginning of a line.  Noncomment
      lines are of the form, parameter=value.

      If any parameter is not defined or is commented out in this file, the
      default behavior detailed below will apply.

      Parameter definitions, valid values, and defaults are defined as
      follows:

	   ABORT_LOGIN_ON_MISSING_HOMEDIR
		     This parameter controls login behavior if a user's home
		     directory does not exist.	This is applicable only for
		     non-root users.

		     ABORT_LOGIN_ON_MISSING_HOMEDIR=0	Login with '/' as
		     the home directory if the user's home directory does
		     not exist.

		     ABORT_LOGIN_ON_MISSING_HOMEDIR=1	Exit the login
		     session if the user's home directory does not exist.

		     Default value: ABORT_LOGIN_ON_MISSING_HOMEDIR=0

	   MIN_PASSWORD_LENGTH
		     This parameter controls the minimum length of new
		     passwords.	 It is not applicable to the root user on an
		     untrusted system.

		     MIN_PASSWORD_LENGTH=N   New passwords must contain at
		     least N characters.  For untrusted systems N can be any
		     value from 6 to 8.	 For trusted systems N can be any
		     value from 6 to 80.

		     Default value: MIN_PASSWORD_LENGTH=6

	   NOLOGIN   This parameter controls whether non-root login can be
		     disabled by the /etc/nologin file.

		     NOLOGIN=0	 Ignore the /etc/nologin file and do not
		     exit if the /etc/nologin file exists.




		     NOLOGIN=1	 Display the contents of the /etc/nologin
		     file and exit if the /etc/nologin file exists.

		     Default value: NOLOGIN=0

	   NUMBER_OF_LOGINS_ALLOWED
		     This parameter controls the number of logins allowed
		     per user.	This is applicable only for non-root users.

		     NUMBER_OF_LOGINS_ALLOWED=0	  Any number of logins is
		     allowed per user.

		     NUMBER_OF_LOGINS_ALLOWED=N	  N logins are allowed per
		     user.

		     Default value: NUMBER_OF_LOGINS_ALLOWED=0

	   PASSWORD_HISTORY_DEPTH
		     This parameter controls the password history depth.  A
		     new password is checked only against the number of most
		     recently used passwords stored in password history for
		     a particular user.	 A user is not allowed to re-use a
		     previously used password.

		     PASSWORD_HISTORY_DEPTH=N	A new password is checked
		     against only the N most recently used passwords for a
		     particular user.

		     A configuration of password history depth of 2 prevents
		     users from alternating between two passwords.  The
		     maximum password history depth supported is 10 and the
		     minimum password history depth supported is 1.  A depth
		     configuration of more than 10 will be treated as 10,
		     and a depth configuration of less than 1 will be
		     treated as 1.

		     The password history depth configuration is system-wide
		     and is supported on trusted systems only, for users in
		     the files repository.  This feature does not support
		     users in NIS or NISPLUS repositories.	Once the
		     feature is enabled, all the users on the system are
		     subject to the same check.	 If this parameter is not
		     configured, the password history check feature is
		     automatically disabled.  When the feature is disabled,
		     the password history check depth is set to 1.

		     A password change is subject to all of the other rules
		     for a new password including a check with the current
		     password.





		     Default value: PASSWORD_HISTORY_DEPTH=1

	   SU_ROOT_GROUP
		     This parameter defines the root group name for the su
		     command.  Refer to su(1).

		     SU_ROOT_GROUP=group_name The root group name is set to
		     the specified symbolic group name.	 The su command
		     enforces the restriction that a non-superuser must be a
		     member of the specified root group in order to be
		     allowed to su to root.  This does not alter password
		     checking.

		     Default value: If this parameter is not defined or if
		     it is commented out, there is no default value.  In
		     this case, a non-superuser is allowed to su to root
		     without being bound by root group restrictions.

	   SU_DEFAULT_PATH
		     This parameter defines a new default PATH environment
		     value to be set when su is invoked.  Refer to su(1).

		     SU_DEFAULT_PATH=new_PATH

		     The PATH environment variable is set to new_PATH when
		     the su command is invoked.  Other environment values
		     are not changed.  The path value is not validated.
		     This is applicable only when the "-" option is not used
		     with the su command.

		     Default value: PATH is not changed.
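
      The following is an added example, not part of the HP manual page or HP
      code: a shell function that reads a security file and prints the effective
      value of each parameter using the defaults and limits documented above.
      The function names, the WARN output format, the handling of lines without
      "=" and of repeated parameters, and the absolute-path check on
      SU_DEFAULT_PATH are assumptions of this example.

```sh
# Added example, not HP code: print the effective value of each parameter
# documented above, with WARN lines for values outside the documented ranges.
effective_security() {
    awk -v mode="${2:-untrusted}" '
    BEGIN {  # documented defaults; empty = no default / PATH is not changed
        d = "ABORT_LOGIN_ON_MISSING_HOMEDIR=0 MIN_PASSWORD_LENGTH=6 NOLOGIN=0"
        d = d " NUMBER_OF_LOGINS_ALLOWED=0 PASSWORD_HISTORY_DEPTH=1"
        n = split(d " SU_ROOT_GROUP= SU_DEFAULT_PATH=", dflt, " ")
        for (i = 1; i <= n; i++) {
            p = index(dflt[i], "=")
            name[i] = substr(dflt[i], 1, p - 1); v[name[i]] = substr(dflt[i], p + 1)
        }
    }
    /^#/ || !/=/ { next }  # "#" in column 1 = comment; assumption: skip lines without "="
    {
        p = index($0, "="); k = substr($0, 1, p - 1)
        if (k in v) v[k] = substr($0, p + 1)  # assumption: last definition wins
        else print "WARN unknown parameter " k
    }
    END {
        h = v["PASSWORD_HISTORY_DEPTH"] + 0   # documented: clamp to 1..10
        v["PASSWORD_HISTORY_DEPTH"] = (h > 10) ? 10 : ((h < 1) ? 1 : h)
        max = (mode == "trusted") ? 80 : 8    # documented range is 6..8 or 6..80
        m = v["MIN_PASSWORD_LENGTH"] + 0
        if (m < 6 || m > max)
            print "WARN MIN_PASSWORD_LENGTH=" m " outside 6.." max " (" mode ")"
        if (v["ABORT_LOGIN_ON_MISSING_HOMEDIR"] !~ /^[01]$/)
            print "WARN ABORT_LOGIN_ON_MISSING_HOMEDIR must be 0 or 1"
        if (v["NOLOGIN"] !~ /^[01]$/) print "WARN NOLOGIN must be 0 or 1"
        if (v["SU_ROOT_GROUP"] == "")
            print "WARN SU_ROOT_GROUP unset: su to root is not group-restricted"
        # su does not validate SU_DEFAULT_PATH; flag non-absolute entries (added check)
        np = split(v["SU_DEFAULT_PATH"], dir, ":")
        for (i = 1; i <= np; i++) if (dir[i] !~ /^\//)
            print "WARN SU_DEFAULT_PATH entry not absolute: \"" dir[i] "\""
        for (i = 1; i <= n; i++) print name[i] "=" v[name[i]]
    }' "$1"
}
# Constructed sample input, not taken from a real system.
sample_security() {
    cat <<'EOF'
# constructed sample
MIN_PASSWORD_LENGTH=12
PASSWORD_HISTORY_DEPTH=25
#NOLOGIN=1
SU_DEFAULT_PATH=/usr/bin:.:/usr/sbin
EOF
}
sample_security | effective_security - untrusted
```

      To audit a live system, call effective_security /etc/default/security
      trusted (or untrusted, the default when the second argument is omitted).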

 AUTHOR
      security was developed by HP.

 FILES
      /etc/default/security

 SEE ALSO
      init(1M), login(1), passwd(1), su(1).














 Hewlett-Packard Company	    - 3 -   HP-UX Release 11i: November 2000