Was wondering if anyone could answer two quick questions... 1) What is the best way to implement password triviality checking and also checking to make sure a user does not use the same password twice? 2) Is there any nice software out there to manage users on multiple machines as far as security and accounts? Both questions are for HP UX.
On HPUX, actually if you do a man on "security"... you can create a file called /etc/default/security and edit it with the parameters you desire in the manpage ...
it shows how you can implement passwd depth security and passwd length security as well as minimum length...
PASSWORD_HISTORY_DEPTH=N A new password is checked
against only the N most recently used passwords for a
particular user.
A configuration of password history depth of 2 prevents
users from alternating between two passwords. The
maximum password history depth supported is 10 and the
minimum password history depth supported is 1. A depth
configuration of more than 10 will be treated as 10,
and a depth configuration of less than 1 will be
treated as 1.
Are you running your HPUX systems in Trusted mode? (just curious)
NIS+ would work, but I've tended to steer away from Yellow Page systems in favor of Secure LDAP for centralized user administration. You can couple both with Kerberos for an even tighter rein. If you use sudo (or RBAC), you can also integrate rights management with LDAP - something that lends itself to a nice automated firecall system.
As for password policies etc., there are (and always will be) numerous debates on how much is too much. If you make it too complicated, you are bound to have users writing their passwords down (and placing them under their keyboards).
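An added example, not part of the thread or of HP's documentation: a small audit function that reads a file in /etc/default/security format and reports the PASSWORD_HISTORY_DEPTH the system would actually apply under the clamping rule quoted from the manpage above. The function name, the comment handling ('#') and the "last assignment wins" behaviour are assumptions made for the example; the sample file is constructed.

```shell
#!/bin/sh
# Added example: effective PASSWORD_HISTORY_DEPTH for a security(4)-style file.
# Prints a number 1..10, "unset" if the parameter is absent, or "invalid".

effective_history_depth() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    # Assumption: '#' starts a comment and the last assignment wins.
    value=$(sed -e 's/#.*$//' "$file" |
        awk -F= '/^[ \t]*PASSWORD_HISTORY_DEPTH[ \t]*=/ {
                     v = $2; gsub(/[ \t]/, "", v); found = 1 }
                 END { if (found) print v; else print "unset" }')
    case $value in
        unset) echo unset; return 1 ;;
        # Reject empty values, non-digits, and a '-' anywhere but the front.
        ''|*[!0-9-]*|?*-*|-) echo invalid; return 1 ;;
    esac
    # Clamping rule from the quoted manpage text:
    # more than 10 is treated as 10, less than 1 is treated as 1.
    if [ "$value" -gt 10 ]; then
        echo 10
    elif [ "$value" -lt 1 ]; then
        echo 1
    else
        echo "$value"
    fi
}

# Constructed sample input (not taken from a real system).
sample=${TMPDIR:-/tmp}/security.sample.$$
cat > "$sample" <<'EOF'
# constructed sample of /etc/default/security
#PASSWORD_HISTORY_DEPTH=2
PASSWORD_HISTORY_DEPTH=25
EOF
echo "configured file: $sample"
echo "effective depth: $(effective_history_depth "$sample")"
rm -f "$sample"
```

Run it against a copy of each host's /etc/default/security to spot machines where the configured value and the enforced value differ, or where the parameter is not set at all.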