HP Sentry manual Fitzgerald & Long

1.Null Passwords Allowed - The default of this field is “N”. When set to “N”o, each user must have a password. If this field is set to “Y”es, you may create a user with a null password. For good security, passwords should be mandatory. This field controls the data entry program for creating new users. When creating a new user through the SENTRY data entry programs you will be REQUIRED to enter a password for the user or allow SENTRY to generate one for you if this field is set to “N”. This is not a UNIX parameter. It is used only by SENTRY. This field accepts the values “Y” or “N”.

2.Minimum Password Length - This is a UNIX parameter as well as one used by SENTRY when new users are created. The minimum password length may be 0 (zero) to “your maximum value” in length. However, most UNIX systems do not recognize more than 8 (eight) characters. More than 8 are ignored. The recommended and default value for this field is 6. Using at least 6 characters decreases the possibility that someone might guess a password or that a “break-in” might occur through computer generated guesses. A six character password is also short enough so that a user is not overly taxed to remember it (without writing it down). This field accepts only integer values 0 - 16.

3.Maximum Password Length - The UNIX limit is normally 8 characters. Your system may simply ignore any characters after the eighth one. The default and recommended value for this field is 8. This field accepts only integer values 0 - 16. The maximum value must be equal to or greater than the minimum password length value.

4.Enable Custom User Attributes: - Because the various flavors of UNIX offer different options for controlling passwords and login ids, Sentry manages these options via the “Custom User Attributes” interface. When your version of Sentry was installed this parameter was set to “Y” if your system offered additional options which most every system does.

5.Password Format Mask - This field is used by the User Profile data entry screen if you use SENTRY’s generate new password option in the password field. If you plan to use this functionality you may select a “mask” of either ALPHA or ALPHANUM which generates either alphabetic or alphanumeric passwords. SENTRY will generate either a string of alphabetic characters such that the password is alternating consonants and vowels for the length of the string defined by the Minimum Password Length (selection 2 in this screen), or a string of characters beginning with an alphabetic character and containing at least one numeric. If this field is set to null or ALPHA, only alphabetic characters will be used. If the field is set to ALPHANUM, the generated password will contain at least one embedded numeric. The default and recommended value is ALPHA which will generate a string of alphabetic characters, the length defined by the Minimum Password Length field. If the minimum length field is 0 or null, a password of 6 characters will be used unless otherwise specified when the “G”enerate command is used in the password field of the User Profile data entry screen.

You may also control the case of generated passwords by adding either “,LC” or “,UC” to the password format field. The default is for generated passwords to be all lower case.

Many UNIX systems require that passwords must meet the following requirements:

∙Each password must have at least six characters. Only the first eight characters are significant.

Fitzgerald & Long