
How to enforce password complexity in Solaris

This tutorial focuses on how to enforce password complexity in Solaris OS.

If your question is one of the following, then this tutorial is for you:

  • Password Complexity in Solaris
  • Enforce Password Policy in Solaris OS
  • How to check password policy in Solaris 11
  • Solaris 11 password policy settings
  • Specifying Password Criteria and Defaults in Solaris

Enforce Password Complexity and Defaults in Solaris

To ensure the security of passwords on Solaris systems, you need to edit the /etc/default/passwd file and assign values to a series of settings that enforce length and complexity.

Let’s look at each parameter:

MAXWEEKS (or MAXDAYS)

The maximum number of days the password can be used without changing it. 

MINWEEKS (or MINDAYS)

The minimum number of days that must pass since the last change before the password can be changed again.

WARNWEEKS (or WARNDAYS)

The number of days’ notice that users are given before their passwords have to be changed. 

PASSLENGTH

PASSLENGTH controls the password length. It’s strictly a length measurement, not a complexity score.

NAMECHECK

NAMECHECK enables/disables login name checking. When set to YES, this setting causes the system to check whether the password and login name are identical.

HISTORY

HISTORY sets the number of prior password changes to keep and check for a user when changing passwords. It determines the length of the history buffer used to ensure that passwords are not repeated within a certain length of time. If HISTORY is set to 5, but MINWEEKS is set to 0, a person could change his password 5 times in succession and get back to the original password without waiting.

Password complexity tunables:

  • MINDIFF
  • MINALPHA
  • MINNONALPHA
  • MINUPPER
  • MINLOWER
  • MAXREPEATS
  • MINSPECIAL
  • MINDIGIT
  • WHITESPACE

MINDIFF – Defines the minimum number of differences required between old and new passwords. For example, with MINDIFF set to 3, your users would have to change at least three characters when they create a new password.

MINALPHA – Defines the minimum number of alphabetic characters.

MINNONALPHA – Defines the minimum number of non-alphabetic characters that must be included in a password. Non-alphabetic includes both digits and special characters.

MINUPPER and MINLOWER – Define the minimum number of uppercase and lowercase characters required. You can require a certain number of letters using MINALPHA, but their case would not be considered unless one of these settings is also used.

MAXREPEATS – Determines the number of times you can consecutively use the same character (e.g., 111 or qqq).

MINSPECIAL – In a similar manner to MINDIGIT, MINSPECIAL determines how many special characters are needed.

MINDIGIT – Determines how many digits are required. If not set, no digits are required. However, if you have a MINNONALPHA setting, one digit or one special character would still be required.

WHITESPACE – Determines whether whitespace characters (blanks and tabs) are allowed in passwords.

DICTIONDBDIR (or DICTIONLIST)

You can also tell Solaris to use a word list to invalidate the use of words. This list can contain any type of words that you like, though it’s of little use if it isn’t fairly extensive. To use a file named /usr/share/lib/dict/words, you would type:

DICTIONLIST=/usr/share/lib/dict/words
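The shell function below is an added example, not part of the original tutorial: it reads a passwd defaults file from standard input and flags the HISTORY/MINWEEKS gap described above, a disabled NAMECHECK, and a missing dictionary setting, then lists the complexity tunables that have no explicit value. The function names are hypothetical, and it assumes that no dictionary check runs when neither DICTIONLIST nor DICTIONDBDIR is set.

```shell
#!/bin/sh
# Added example: audit passwd defaults read from stdin.
# On a real system: audit_passwd_defaults < /etc/default/passwd

# Print the value of the last active (uncommented) KEY=value line in $conf.
get_setting() {
    printf '%s\n' "$conf" | sed -n "s/^$1=//p" | tail -n 1 | tr -d ' \t'
}

# Succeed only if $1 is a whole number greater than zero.
is_positive() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -gt 0 ]
}

# Print findings; return 1 if any WARN was raised, 0 otherwise.
audit_passwd_defaults() {
    conf=$(cat)
    rc=0
    hist=$(get_setting HISTORY)
    # HISTORY without a minimum age lets a user cycle back to the old password.
    if is_positive "$hist" && ! is_positive "$(get_setting MINWEEKS)" &&
       ! is_positive "$(get_setting MINDAYS)"; then
        echo "WARN: HISTORY=$hist but MINWEEKS/MINDAYS is 0 or unset"
        rc=1
    fi
    # An explicit NO turns off the password-equals-login-name check.
    case $(get_setting NAMECHECK) in
        [Nn][Oo]) echo "WARN: NAMECHECK is disabled"; rc=1 ;;
    esac
    # No word list configured means no dictionary check (assumed behaviour).
    if [ -z "$(get_setting DICTIONLIST)$(get_setting DICTIONDBDIR)" ]; then
        echo "WARN: no dictionary configured (DICTIONLIST/DICTIONDBDIR)"
        rc=1
    fi
    # List the complexity tunables that have no explicit value.
    missing=
    for key in MINDIFF MINALPHA MINNONALPHA MINUPPER MINLOWER \
               MAXREPEATS MINSPECIAL MINDIGIT WHITESPACE; do
        [ -n "$(get_setting "$key")" ] || missing="$missing $key"
    done
    [ -z "$missing" ] || echo "INFO: not set explicitly:$missing"
    return "$rc"
}

# Constructed sample input, not taken from a real system.
audit_passwd_defaults <<'EOF' || :
#MINWEEKS=3
HISTORY=5
NAMECHECK=NO
PASSLENGTH=8
EOF
```

A return status of 1 means at least one WARN line was printed, so the function can gate a configuration check in a build or compliance script.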

That’s it. You have learned how to enforce password complexity in Solaris OS.


Prashanth Nimesh

I'm Prashanth Nimesh, a System Administrator with over 5 years of experience in the IT field and a B.Tech in Computer Science. My passion for technology and problem-solving led me to create The Geeks Hub, where I share my expertise in Linux, Solaris, and server management. As the main contributor, I aim to simplify complex tech topics and provide practical guides to help IT professionals and enthusiasts navigate the digital landscape with confidence.
