Passwd History in Solaris 8

amoorti · February 5, 2005, 3:52am

How to set passwd history feature in Solaris 8 to stop users from using their old passwords?

zazzybob · February 5, 2005, 4:07am

amoorti,

First let me say welcome to the forums, but please ensure that you read the rules. Crossposting is not permitted within the forums, so I have removed your duplicate post from the UNIX For Advanced and Expert Users forum.

I know you can enable password history under Solaris 10 but as far as Solaris 8 goes I'm unsure. One of the Solaris gurus will clear this up for you I'm sure. You could always try something like npasswd.

Cheers
ZB

pressy · February 7, 2005, 5:25am

hiho,
it is a default behavior in solaris 7,8 and 9 if aging is sufficient to ensure that the new password meets construcion requirements.
Passwords must be constructed to meet the following requirements:

*Each password must have PASSLENGTH characters, where PASSLENGTH is defined in /etc/default/passwd and is set to 6. Only the first eight characters are significant.
*Each password must contain at least two alphabetic characters and at least one numeric or special character. In this case, "alphabetic" refers to all upper or lower case letters.
*Each password must differ from the user's login name and any reverse or circular shift of that login name. For comparison purposes, an upper case letter and its corresponding lower case letter are equivalent.
*New passwords must differ from the old by at least three characters. For comparison purposes, an upper case letter and its corresponding lower case letter are equivalent.

so take a look into your /etc/default/passwd file where you can set these options:
MAXWEEKS; MINWEEKS; PASSLENGTH, WARNWEEKS
these rules do not effect the root account!

greetings pressy

amoorti · February 7, 2005, 6:49am

Hi Pressy,

I am not after aging. Password history is different, with it you can force users to reset their passwords and making sure that they do not use an old password for a specific period of time i.e users cannot use an old password for the last 12 months. I managed to do it for red hat linux by setting the remember field for the pam_unix.so module; however it does not work for solaris.

pressy · February 7, 2005, 7:26am

hmmm, i see....
such a history function is coverd in solaris10 with the HISTORY variable in your /etc/default/passwd, but the passwd in sol7-9 is not really timely. it only use 8 characters and "only" crypted with shadow, no md5 or 3DES like in linux. if you want such features follow the link of zazzybob.

gP