Note:

Whenever you use the Administration utility to manage user accounts, you may see a message displayed in a box titled Security Information warning you that some unencrypted information may be transmitted over the network. Click on Continue to continue the operation.

You can temporarily disable this message by clearing the checkmark in front of Show This Alert Next Time. To enable the message, make sure your browser security preferences are set to display a message before submitting a form over an unsecured connection.

Specifying User Names

Note the following rules when specifying the user name for an account (or the user-name prefix for a generic account):

Use only alphabetic, numeric, or a combination of alphabetic and numeric characters.

Do not use nonalphanumeric characters (for example, spaces, colons, hyphens, underscores, or periods) in the user name.

Assigning Passwords to User Accounts

All user accounts have passwords. You can assign a password when you create an account for a named captive Internet Express account or for a UNIX system user. Alternatively, the Administration utility can generate the password for these accounts. (You do not assign passwords to generic captive accounts; the utility automatically generates the passwords for these accounts.)

To make a password more secure, make sure the password contains:

Between 8 and 64 characters

If you are not running ENHANCED (C2) security on your system, the password can be no more than 8 characters

A mixture of uppercase and lowercase letters

Unusual capitalization, symbols, or digits

Passwords that do not meet these criteria are rejected by the Administration utility.

Purging Obsolete Passwords

The passwords that the Administration utility automatically generates (for any type of account) are recorded in the ~iass/.users.list file.

If you specify a password for a named captive account or a UNIX account, the event is noted in this file, but the actual password is not recorded.

Entries are not automatically removed from the ~iass/.users.list file when you delete an account. If you do not periodically remove obsolete entries, this file can become large.

When you log in to the iass account and the ~iass/.users.list file exists, the menu item Manage .users.list is displayed. Use this function to view, print, or remove the recorded passwords.

Caution:

The passwords in ~iass/.users.list are not encrypted. Because these passwords are also recorded in encrypted form in /etc/passwd, you may want to consider removing them from

.users.list. Use caution when printing or displaying this data.

To ensure a secure system, require users to change their passwords regularly. See the Tru64 UNIX System Administration manual for information on how to change passwords.

Overview of User Accounts 39