password policy for new user

dehetoxic · November 11, 2011, 3:20pm

hi folk,

i try to setup a new password policy for our solaris box user, below are the /etc/default/passwd/, but then when i tried to create a user, it didn't ask for numeric character, and the new password also didn't ask for special characters.

# useradd testing 
# passwd testing
New Password:
Re-enter new Password: 
passwd: password successfully changed for testing

useradd <<<<<< error, it didnt ask for any special character, the username should has 1 numberic or special characters
passwd <<<< error, it didnt ask for any special character, the password should contains special characters

please helps ?

MINALPHA=4
MINDIFF=7
MINDIGIT=1
MINSPECIAL=1
MINUPPER=2
MINLOWER=2
MAXREPEATS=1
WHITESPACE=YES
NAMECHECK=YES
DICTIONDBDIR=/var/passwd
DICTIONLIST=/usr/share/lib/dict/words
HISTORY=12
MINWEEKS=NONE
MAXWEEKS=4
WARNWEEKS=NONE
PASSLENGTH=8

jlliagre · November 11, 2011, 3:55pm

Password policies are enforced for regular users but not for root which is the account you are using here.

dehetoxic · November 11, 2011, 4:07pm

Thanks, but only as root I can add user, not regular users. How do I test my policy ?

adm@testbank> useradd testing
UX: useradd: ERROR: Permission denied.

jlliagre · November 11, 2011, 4:38pm

Create a user as root then test your policy under that user's account.

dehetoxic · November 11, 2011, 5:11pm

thanks, but how do I enforce when the user or root add the new user, it should include 1 numberic char ?

because right now, when i add a newuser, it didnt ask for the numberic char should be included.

# useradd testing

jlliagre · November 11, 2011, 5:22pm

I'm afraid you missed an important fact so let me rephrase it:
password policies aren't enforced when you are root.

dehetoxic · November 11, 2011, 5:57pm

apologies for the trouble, but even-thought i'd created the user "testing", i still can't create a new user without root permission ?

testing@testbank> useradd testing2
UX: useradd: ERROR: Permission denied.

i mean, i need to test when create the new user, the username should include numberic char

jlliagre · November 12, 2011, 2:01am

You can't do that. The password policy is there to check users changing their own passwords, not to restrict the administrator's privileges.

However, achieving what you want is quite simple. As root, first set the password to a temporary one then substitute your account to the target user account and update its password.