Changing Password Complexity in Solaris 10 6-06

Similar Messages

• Password complexity not taking effect in solaris 10 u9

  Hi,
  I am testing the password complexity in solaris 10 u9 machine, But what ever parameters i gave for password parameters, like password length, username check etc, in /etc/default/passwd file , those are not getting affected
  Then i replaced the /usr/lib/security/pam_authtok_check.so.1 with the u10 version and tried changing the passwd of one user, it was working fine, with u6 /usr/lib/security/pam_authtok_check.so.1 also it was working fine,
  Is it an OS bug..? if so, what is the fix..?

  Hi,
  You can use Profilemanager in Mountain Lion to manage clients and set presets per client or user. It's inside the server.app for ios en osx as well
  Are your clients running mountain lion? Otherwise download workgroupmanager for mountain lion and see whether that will work for your environment.
  Let me know!
  Jeffrey

• AUDIT action (create, delete, privilege escalation, set and change password from users account and group) users and admins in Solaris 10

  Hello.
  in Solaris 10 i need auditing process create, delete, privilege escalation, set and change password and etc... from users account and group.
  I set settings:
  in file syslog.conf:
  *.info;mail.none;cron.none;audit.notice            @IP-Remote-syslog-server-SIEM
  in file   /etc/security/audit_control:
  dir:/var/audit
  flags:lo,ad,ex,cc,am,no,fc,fd
  minfree:20
  naflags:lo
  plugin:name=audit_syslog.so;p_flags=lo,ad,ex,cc,am,no
  in file   /etc/security/audit_user:
  root:lo,ad:no
  Now I see in the logs only the fact of a connection via SSH and run processes on behalf of users. Creation. delete users, change passwords for some reason do not is logged.
  Many users. For each individual write permissions in the file /etc/security/audit_user not possible, it is likely to forget any new user (or there is a possibility in this file one line to describe the audits for all accounts?)
  Where is the mistake?

  You are most likely hitting Bug 15779000 user/role/groupadd/mod/del don't audit their use.
  And the fix is only available in S11.2.
  -- Renaud

• Windows 8.1 Password Complexity issue

  Hi All,
  We are running an AD Domain based on Server 2008 R2 and all of our Clients are Windows 8.1 with all of the latest security patches installed (last WSUS updates at 10-09-14)
  I am having an issues getting the Password must meet complexity requirements
  setting to work.
  I have applied it both at the Default Domain Policy Level and created another GPO that specifically Enables this option but it still won't work, the strange thing is that all the other password policy settings are working just fine.
  When running rsop.msc on my machine I can verify that the GPO settings have applied and the password complexity requirement is set to Enabled.
  As I mentioned before, the Password length requirement is working, I tried changing my password to cat and got the message that it did not meet requirements but i could change it to catcat which obviously doesn't meet password complexity requirements but
  does meet the 6 character length minimum that we have set.
  The even stranger thing is that this was working about 2 weeks ago when we first enabled it, I tested it and all was working as it should so does anyone know if any of this months Windows or Server updates that come down in WSUS have broken or changed the
  way this setting worked?
  *** I tried to post some pictures to show what i have set but i get the message Body text cannot contain images or links until we are able to verify your account so apologies for the lack of images showing what i have done.

  Am 07.10.2014 um 04:10 schrieb "Ali McMillan":
  > When running rsop.msc on my machine I can verify that the GPO settings
  > have applied and the password complexity requirement is set to Enabled.
  To check PW policies in a domain, run rsop on the PDC emulator. That's
  the only domain controller in the domain that will apply password
  policies to doimain accounts.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• How to disable change password in finder while connecting to a network computer?

  Hi folks,
  I'd like to disable the Change Password option that shows when I want to connect into a network computer:
  - Both users (client and server) are already running with parental controls set to "prevent(s) the user from changing their password in the Users & Groups preference pane".
  Thanks in advance.

  Hi,
  I am also facing the same issue and I am not able to su to root user as the password is expired. and the user I am currently logged in does not have permission to change the root password. I just want to know how I can change the root password now? I am connected to my SPARC Solaris 10 T1000 server through hyperterminal.
  The worst thing is that, I do not have IP to the server through which I can try ssh to the server and change the password. Please let me know the solution if you know.
  Thanks in advance.

• Reg; password reset in solaris

  Hi,
  Can anyone help me to reset one of my login password in solaris server .
  Actually, my password got expired and unix team has reset the password based on my request.Thereafter they have warned me to chnage the password using password -r, but I am unable to do so.
  Can any one help me in giving the complete command.
  I have tried twice in two ways, but no use --
  1) passwd -r username
  2)passwd -r existingpasswd
  But both the ways, No luck.
  can anyone share the exact coomand.please
  With regards,
  Srini

  Hi,
  I dont have root password.
  I have tried both ways, noluck
  sd1db01:oradb$ passwd oradb
  passwd: Unsupported nsswitch entry for "passwd:". Use "-r repository ".
  Unexpected failure. Password file/table unchanged.
  sd1db01:oradb$ passwd
  passwd: Changing password for oradb
  passwd: Unsupported nsswitch entry for "passwd:". Use "-r repository ".
  Unexpected failure. Password file/table unchanged.
  sd1db01:oradb$
  With Regards,
  Srini

• Will remote users be impacted by password complexity in AD?

  How does Password Complexity affect remote user once the password has expired? When they attempt to
  connect via Windows 7 Remote Desktop Connection to our shared drives, they will get the notification but how to change it since the machine is not connected to the domain? Since we also use MS Exchange, I read one workaround was to change the password via
  the Exchange Webmail. Would that be accurate? Thanks!

  Hi
  We have just rolled out a new MDM platform which uses Active Sync in our Exchange 2010 environment. We've had a number of issues when users change their AD password on their desktop computer. 
  The most alarming one however is some users are experiencing delays of over a week before their phone prompts them to update their e-mail account password to match their new AD password.
  I understand from the research I've done that Exchange Active Sync is designed in this manner, such that it holds the session keys open for up to 24 hours, but usually resets within an hour or two, so that the old and new passwords are both accepted for
  a short time.
  But a week is excessive. In fact, I had one user who was NEVER prompted to update their password, and was still receiving e-mail 9 days after changing their AD pass. As a test, I did an IISRESET on both our Exchange CAS-role servers, and his phone immediately
  prompted him to update his pass and denied email delivery until he did so.
  Clearly there is something wrong with our IIS configuration, this can't be by design, can it? Are there some specific settings in IIS that is causing the sessions to stay open for weeks? Or do I need to setup a scheduled task to reset IIS every 8 hours (that
  seems a tad ridiculous). This must be a security concern?
  Same issue before you starting using the MDM product?
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• AIP-SSM20:Can't change password -- Please help

  I reset the password using  hw-module command.  But now I can't change the default password of  cisco.  it is rejecting any password combination i tried, uppercase,  lower case, numbers, and non-alphanumerics.  It is probably the password  requrement policy I put in before.  How can I get around this or  restore default confiration?
  thank you.
  login: cisco
  Password:
  You are required to change your password immediately (password aged)
  Changing password for cisco
  (current) password:
  New password:
  BAD PASSWORD: is too simple
  New password:
  BAD PASSWORD: is too simple
  New password:
  Mod Card Type                                    Model              Serial No.
    1 ASA 5500 Series Security Services Module-20  ASA-SSM-20         JAF1204AQHT
  Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
    1 001e.7a36.7aba to 001e.7a36.7aba  1.0          1.0(11)2     7.0(5a)E4
  Mod SSM Application Name           Status           SSM Application Version
    1 IPS                            Up               7.0(5a)E4
  Mod Status             Data Plane Status     Compatibility
    1 Up                 Up

  I got it.  It took a 24 character long complex passowrd.  When Ifinelly got in, I checked password requirement . All the settings were to the defaults. it suprise me quite.
  thank you Mohammad.

• Password Complexity problems on fresh install of Server 2012 R2, This has not been answered before....

  Hello all,
  I have a problem that I can't find the solution to. I have found others with the same problem but the answers provided to them were not the exact situation I am in currently. Please read all the text and see if you can answer this...
  I downloaded a copy of Windows Server 2012 R2. I am installing it on a stand alone PRE OWNED server which is a Dell R900 quad quad core server with 16gb ram and 500gb drive. The drive has been initialized and configured perfectly and windows server has been
  loaded.
  Upon the start of it, the screen appears that tells you to change your password for the admin account. Upon putting ANY (and I do mean ANY) password in there regardless of the complexity, the machine comes back with ..." The password you typed does
  not meet the password complexity requirements set by the administrator for your network or group. Get the requirements from your administrator, and then type a new password."
  I have tried new drives with no luck, I have tried everything that one can try on this (except the right thing of course). My guess is that the machine retained some crazy complex password file and stored it in an EEprom on board. If this was a factory fresh
  machine, I would guess that this wouldn't be an issue as there was no file created yet that the machine is running it's scripted denial from. So... Does anyone have the exact method for eradicating this file or changing the domain controller or file that
  controls this complexity problem WITHOUT HAVING TO LOG INTO THE MACHINE since as I said, you can't log into it. I even tried to go in through Linux to find the password in the SAM and since it's a new copy of windows, and there is no passwords in there, it
  couldn't find the file since the admin acct wasn't set up yet (but that domain controller is working it's butt off and keeping me out I tell ya! lol)
  Any help would be appreciated more than you know! ...Scott

  Hello Phillip,
  Thanks for the reply! Yes, the drive was put in the machine with no other drives (500gb SAS) and installed/initialized without incident. The DVD was put in the DVD drive and the OS was installed on the machine. As the machine starts up again after
  install (reboots) the text comes up that says that you have to change the password on the administrator account due to this being the first install of the OS. I put in a password, and then put it in again, then get the statement about the password being entered
  doesn't meet the complexity level set on the domain controller and to contact the admin of the network. I then looked up what that was referring to and used a series of passwords that should have worked as they matched the exact complexity that windows stated
  in their tech knowledge base. Such as ... P@ssw0rd and another like Pass\/\/0rd!! as well as quite a few others with various names and symbols. Each time meeting or exceeding the 8 chars with upper and lower case with symbols
  present. Each and every time that complexity statement in yellow comes up.
  I tried changing and initializing 2 more disks and downloading another copy of windows server 2012 R2 and tried it all again. Still the exact same thing. I have never seen anything like this before. I have installed windows server 2003 and 2008 in the past
  many times without errors like this but this one really has me beat as to what is wrong.
  I read a tidbit on a way to go to DOS and take some files from the DVD and copy them to certain locations on the drive the OS is installed on. That is supposed to write over the files that provide the complexity issues but where ever I saw it, they didn't
  go into detail as to what exactly to do. I know others have had the same problem in the past but every answer I can see either doesn't address the question or provides the wrong answer altogether.
  That's why I am posting here in a last ditch effort to save this project since the same exact problem is happening when I tried to install windows server 2008 R2 as well. I thought I may be able to just go with 2008 and get that running without the issue
  but when I wipe the drives completely, and reinstall onto the drive the 2008 version, the exact same thing comes up.
  If you have a solution, I would love to hear it! Thanks again...Scott

• Users Cannot Change Passwords on a Server 2012 R2 RDS Farm

  Hello I have a Server 2012 R2 RDS Farm consisting of 1 server that has connection broker and gateway configured and 4 RDS Session Hosts. The works great I even have a separate remote app farm to distribute the apps to the servers, my main issue is passwords
  and the lack of the EU ability to change these, listed below are my symptoms.
  Users password has expired denied logon instantly with no ability to change password.
  User tries to change password whilst in 30 day warning period using ctrl alt end the user is advised the password does not meet complexity requirements I have checked this and they do meet them.
  Expired passwords can be changed via the RDWeb site however this is not an option for us.
  Chris

  Hi,
  Firstly, based on my knowledge, remote users may have to change their passwords before expired. If not, they have to use OWA or logon on locally to change their passwords.
  Regarding the issue, please let us know if the following policies are enabled in your domain.
  Enforce password history
  Minimum password age
  Also, does a local domain user have the same issue?
  Thanks.
  Jeremy Wu
  TechNet Community Support

• How to disable password complexity

  Ok, I have XE 10g installed with Apex 4.1 ...
  The windows 2008 R2 server has Password Complexity Policy Disabled....
  How do I disable Password Complexity in the Oracle Apex 4.1 it asking me to
  change the admin password on initial loggin after I just changed in SQLPLUS ...
  Another Great New Feature... I can see I'm never going to be able to upgrade pass 10g and 4.02 at
  this rate....
  Thank you....

  See:
  http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21678/adm_mg_service_set.htm#AEADM204
  The first time you have to set a complex password. After changing the settings, you can change it to a simple password.

• How to disable password complexity via command

  hello
  i have spent hours searching to find a command or script (powershell, cmd, VB, registry...) to disable group policy password complexity. few solutions has been delivered on the net but none of them works.
  i wonder how what a pity if we can't do such simple thing in Microsoft windows
  i really need that because i have created a script which contains many lines which automates windows customization which i always need in my classrooms for testing & teaching purposes
  thanks in advanced

  The answer is in your question: group policy password complexity. http://technet.microsoft.com/en-us/library/cc875814.aspx#ECAA 
  On a non-domain joined pc, this is governed by local policy.
  Note that if your domain is on functional level 2008 or up, you can use fine grained password policies to have a different password policy on the systems your are deploying. http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx
  There
  is no (supported) way to change the password policy applied to a computer. That is intended in the design because password complexity is one of the keys to protect against bruteforce attacks.
  Why wouldn't your script be able to handle password complexity rules? I would recommend tackling this in
  your script, not in password policy.
  MCP/MCSA/MCTS/MCITP
  hi SenneVL
  i don't understand your sentence:  "Why wouldn't your script be able to handle
  password complexity rules? I would recommend tackling this in your script, not in password policy."
  i exactly need a way to disable password complexity via an script. what script can do that
  ?  as far as i searched, no script

• How to disable password complexity rules at application express 4.2 installation?

  Please, provide me how to disable password complexity rules at application express 4.2 installation.
  Best Regards,
  Moustafa

  According to the manual you need to check "Configuring Password Protection" in Oracle Database Security Guide
  In the security guide http://docs.oracle.com/cd/B28359_01/network.111/b28531.pdf, section 3-9/p61, you'll see you need to alter the script UTLPWDMG.SQL. You''l find the script in ORA_HOME/rdbms/admin.
  You'll need to change the script to your own liking.

• Users Unable to Change Password

  Small Business 2011 Standard with Windows 7 Pro workstations - all fully updated.
  We have an issue where none of the users can change their passwords. They receive a message saying that the password
  doesn't meet the length, complexity or history requirements of the domain.
  I know (at least in my case) that the password hasn't been used before and there is no problem with the length
  and complexity. I've even tried switching off the password policies in the SBS Console with no success.
  Apart from the SBS Console is there anywhere else I should be looking that has a higher priority than the console?
  TIA

  We are using SBS 2008 (SP2), and we too are having this problem. Have done all the necessary GP changes. Have done gpupdate /force. As test user, I seem to be unable to change password at all (originally "minimum age" was 1 day, if that is somehow
  still in force might explain why); my end user has waited longer than that, she reports she can change her password but never back to anything in her history (original default was, I think, 24 passwords, might explain).
  While rsop on domain and clients/rdc  shows:
  Policy Policy Setting
  Enforce password history 0 passwords remembered
  Maximum password age 42 days
  Minimum password age 0 days
  Minimum password length 0 characters
  Password must meet complexity requirements Disabled
  Store passwords using reversible encryption Disabled
  Anybody any ideas now??? :(
  EDIT: Hmmm, net accounts /domain gives me:
  Force user logoff how long after time expires?: Never
  Minimum password age (days): 2
  Maximum password age (days): Unlimited
  Minimum password length: 0
  Length of password history maintained: 24
  Lockout threshold: 50
  Lockout duration (minutes): 10
  Lockout observation window (minutes): 10
  Computer role: PRIMARY
  The command completed successfully.
  Those settings would explain my problem, then!
  I can see that net accounts will allow me to alter this stuff, from the command-line, I guess that is what I need to do?
  NET ACCOUNTS
  [/FORCELOGOFF:{minutes | NO}]
  [/MINPWLEN:length]             
  [/MAXPWAGE:{days | UNLIMITED}]
  [/MINPWAGE:days]
  [/UNIQUEPW:number]
  [/DOMAIN]

• Adding a change password link in a custom portlet

  Hi,
  Does anyone know how to add a change password link in a custom portlet? the custom nav UI we have does not show the my account link, we want to hide this complexity for external users, but we still want them to be able to change their password.
  I am expirimenting with using the following link, which seems to work fine, but was wondering if there was a more elegant way to do it using pt: tags?
  <pt:transformer pt:fixurl="off" xmlns:pt='http://www.plumtree.com/xmlschemas/ptui/'/>Change]http://servername/portal/server.pt?space=ChangePassword&&control=EditorStart&editorType=10">ChangePassword</a><pt:transformer pt:fixurl="on" xmlns:pt='http://www.plumtree.com/xmlschemas/ptui/'/>
  Thanks

  Hrm... this does get ugly... This has come up a few times w/ our users as well, so I am definitely interested in seeing what can be done.
  I don't see any sort of pre-built tag to let you access this directly. To your point, I only found the general account editing / access link - not one directly to password reset.
  Couple of questions / notes
  I tried your option and while it works, I'm concerned by the redirect back to the account page. That seems to violate your requirements on hiding the account options info. When the user hits finish / cancel they're taken to the main "My Account" page.Have you considered securing the other activity spaces so they're not visible from the "My Account" page? Then you could use the built-in tags. Not ideal, I know, but if you're going to be routed back to that screen anyway once you finish/cancel your password change...Have you considered just writing the password reset funtionality into your app? I did this a while back and it was actually pretty simple. Then you can have complete control over the behavior.How I wrote password reset...
  You know the userid in this case, so things are MUCH easier (no need to search to find the specific user)Assumption: users are stored in the plumtree database auth sourceUse the native API (com.plumtree.server). I don't know if you need to impersonate a full admin or not... my code doesGet a handle on the userReset the password with the "SetPassword" methodStore the changeSemi-functional code below - note how you'd never want to store your admin userid / password in here like this (or have it blank...)
  '//create an admin connection Dim ptAdminSession As IPTSession = New Session ptAdminSession.Connect("administrator", "", Nothing)
  Dim sNewPassword As String = ""
  '//start user impersonation Dim ptUserSessionTemp As IPTSession = ptAdminSession.ImpersonateUser(iUserID)
  '//open the user for editing Dim oUser As IPTUser = ptAdminSession.GetUsers().Open(iUserID, True)
  '//reset the password oUser.SetPassword(sNewPassword)
  '//mungle with server context Dim mySC As IPTServerContext = oUser.GetInterfaces("IPTServerContext") mySC.Store() mySC.UnlockObject()