Browse Prior Art Database

AIX users password expiration tool Disclosure Number: IPCOM000020684D
Original Publication Date: 2003-Dec-09
Included in the Prior Art Database: 2003-Dec-09
Document File: 2 page(s) / 51K

Publishing Venue



The present publication is directed to a tool for managing AIX users password expiration.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 2

AIX users password expiration tool

This tool is designed for an AIX environment. AIX is the IBM operating system for RISC System/6000. AIX and RISC System/6000 are trademarks of IBM corporation. In the AIX environment, /etc/passwd and /etc/security/passwd files maintain the user passwords. A correct password management requires a good user education. However, for more security, AIX offers configurable password restrictions. The system administrator has the possibility to define rules concerning the choice of passwords and can force users to regularly change their passwords. These restrictions are recorded in the /etc/security/user attribute file and are enforced whenever a new password is chosen by a user. Password restrictions can be personalised for each user. However, it is also possible to apply the same restrictions to all users. These common rules are defined in the "default stanza" of the /etc/security/user file. A clean password security requires a similar protection for all passwords.

The restrictions that can be applied to passwords can be the following: minage Minimum number of weeks before a password can be changed. maxage Maximum number of weeks before a password must be changed. maxexpired Maximum number of weeks beyond maxage (maximum number of weeks before a password must be changed) before an administrative must change the password. (the AIX "super user" (Root) is exempt from this restriction)
minalpha Minimum number of alphabetic characters a new password must contain.
minother Minimum number of non alphabetic characters a new password must contain. (Other characters are ASCII printable characters that are not alphabetic and are not national language code points).
minlen Minimum number of characters a new password must contain.

Note: The minimum length of a password in the system is minlen or minalpha plus minother, whichever is the greatest. The maximum length of a password is eight characters. minalpha plus minother should never be greater than eight. If minalpha plus minother is greater than eight, then minother is reduced to eight minus minalpha.

maxrepeats Maximum number of times a same character can appear in the new password.
mindiff Minimum number of characters in the new password that must be different from the characters in the old password.
histexpire Number of weeks before a user can reuse a password.