SCO Unix ® FAQ section

Unix, Xenix and ODT General FAQ

This article is from a FAQ concerning SCO operating systems. While some of the information may be applicable to any OS, or any Unix or Linux OS, it may be specific to SCO Xenix, Open Desktop or Openserver.

There is lots of Linux, Mac OS X and general Unix info elsewhere on this site: Search this site is the best way to find anything.

How can I increase the number of characters that are significant in passwords?

This is an ancient post with no relevance to modern systems.

(This applies to 3.2v4.x and up)

Two factors control passwords: the maximum length that a generated password can be, and how much of a password is significant.

Both parameters are in /etc/auth/system/default.

 default:\
        :d_name=default:\
        :u_pwd=*:\
        :u_priority#0:u_cmdpriv=audittrail,su,queryspace,printqueue,mem,terminal:\
        :u_syspriv=execsuid,nopromain,chmodsugid,chown:\
        :u_minchg#0:u_maxlen#80:u_exp#0:u_life#0:\
        :u_pickpw:u_genpwd:u_restrict@:u_nullpw:\
        :u_suclog#0:u_unsuclog#0:u_maxtries#99:u_lock:\
        :u_singleuserpswd:u_secclass=c2:u_integrity@:u_tcbpw@:\
        :u_pwseg#2:\
        :t_logdelay#1:t_maxtries#99:t_login_timeout#60:\
        :chkent:
 

In the above example, u_maxlen#80 means that generated passwords can be up to 80 characters long. That affects the password generator program only. The u_pwseg#2 limits the significance to 2 segments or 16 bytes (2 * 8). If you wanted 24 characters to be significant, you'd change it to u_pwseg#3.

Note that the u_maxlen doesn't stop you from telling the password program that you have a longer password-you can enter whatever you like. Also, if you aren't using the generator, all you need to change is u_pwseg to have more significant characters.

Thanks to Roger Cornelius for pointing out inaccuracies in the original article. I had thought that u_maxlen had to be equal or greater than u_pwseg * 8; they are completely unrelated.

You are supposed to be able to use useradd or usermod to change the significant segments for a specific user. According to the man page for useradd, this should work:

usermod -x "{ passwdSignificantSegments 2 }"  username
 

But I've found it just complains that there is no attribute "passwdSignificantSegments".

Recently Gerald Monds explained why I had that problem:

From the man pages... changing "passwdSignificantSegments"
is a system default change and not user specific. The
man pages say it cannot be used without "-D" So the
correct syntax should be

usermod -D -x "{passwdSignificantSegments 2}"

Comments?

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.