AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.

 View Only
Back to discussions
Expand all | Collapse all

AIX PASSWORD LENGTH LARGER 8

  • 1.  AIX PASSWORD LENGTH LARGER 8

    Posted Thu December 12, 2024 09:32 AM

    Dear:

       After changing the aix password length to 10, the following problem persists:

    WARNING: Your password has expired.
    You must change your password now and login again!
    Changing password for "root"
    root's New password: 
     
    3004-602 The required password characteristics are:
            a maximum of 8 repeated characters.
            a minimum of 1 alphabetic character.
            minimum of 1 lower case alphabetic character
            minimum of 0 upper case alphabetic character
            a minimum of 1 non-alphabetic character.
            minimum of 1 digit 
            minimum of 0 special character
            a minimum of 10 characters in length.
    3004-603 Your password must have:
            a minimum of 10 characters in length.
    How to change root password  and login the system?
    I have checked the link:
    AIX Security: Change maximum length of user name, group name, or password
    Ibm remove preview
    AIX Security: Change maximum length of user name, group name, or password
    Step-by-step instructions to change the maximum length of user name, group name, or password.
    View this on Ibm >
    I doubt  the reason that  I donot run  "chsec -f /etc/security/login.cfg -s usw -a "pwd_algorithm=ssha256" it .
     now I cannot logon the system how to run it ?
    Would you like to give some advice?
    Thanks.
    david


    ------------------------------
    dai david
    ------------------------------


  • 2.  RE: AIX PASSWORD LENGTH LARGER 8

    Posted Fri December 13, 2024 02:04 AM

    Hi David,

    On the first look, I believe it can only happen if the supplied password is not of required length which is 10 in this case.

    The error 

    3004-603 Your password must have:
            a minimum of 10 characters in length.
    root's New password:

    comes only in this case. Can you please double check it.



    ------------------------------
    Manjunath A Pattanshetti
    ------------------------------

    Original Message


  • 3.  RE: AIX PASSWORD LENGTH LARGER 8

    Posted Mon December 16, 2024 10:38 AM

    Also - which version of AIX are you running ?  
    ( AIX 5.2 was 8 char password , while 5.3 supported longer )



    ------------------------------
    Alan Fulton
    Follow me on Twitter - @The_Iron_Monger
    ------------------------------

    Original Message


  • 4.  RE: AIX PASSWORD LENGTH LARGER 8

    Posted Tue December 17, 2024 09:05 PM

    Recently set up an AIX 7.3 server for a client migrating from AIX 6.1.

    AIX 7.3 was very insistent on the 10-character minimum; that can be changed in the /etc/security/user file (if you choose to edit the file), which was the way I chose to address the issue. Several other password characteristics needed to be changed to suit the client, so editing was best for me.



    ------------------------------
    Bob Wyatt
    ------------------------------

    Original Message


  • 5.  RE: AIX PASSWORD LENGTH LARGER 8

    Posted Tue December 17, 2024 04:38 AM

    My response was crafted with AI assistance, tailored to provide detailed and actionable guidance for your query.


    If you're unable to log into your AIX system due to the root password expiration and the password length restriction. The issue may be related to both the password length policy and the algorithm configuration (pwd_algorithm).

    Steps to Change the Root Password and Resolve the Login Issue

    1. Access the AIX System via Single-User Mode (Maintenance Mode)

    If you can't log in normally, you need to access the system in single-user mode to reset the password or make necessary changes.

    • Reboot the system.
    • During the system startup, press 1 (or F1 for some systems) when prompted to enter Maintenance Mode.
    • Once you are in single-user mode, you will have root access without needing to log in.

    2. Reset the Root Password in Maintenance Mode

    • Once in single-user mode, you can reset the root password: 
      

      bash 
      

      passwd root
    • Set a new root password and ensure it meets the required criteria (minimum length of 10 characters, with at least one alphabetic character, one digit, and one special character).

    3. Verify the Password Policies in /etc/security/login.cfg

    If you're still experiencing issues with the password length, it could be due to the password policy settings in the /etc/security/login.cfg file.

    • Check the current password policies:

      

      bash 
      

      cat /etc/security/login.cfg

      Look for the minlen and minage settings, which govern password length and aging.

    • If necessary, modify the password length by running:

      

      bash 
      

      vi /etc/security/login.cfg

      Look for the minlen parameter and set it to 10:

      

      makefile 
      

      minlen = 10

      Ensure that other settings such as maxrepeats, minalpha, minlower, minupper, etc., are also in line with your desired password policies.

    4. Run the chsec Command for Password Algorithm (Optional)

    You mentioned the command chsec -f /etc/security/login.cfg -s usw -a "pwd_algorithm=ssha256". This command changes the password algorithm to ssha256, which is more secure than the default method.

    To execute this change, do the following:

    • Once logged into single-user mode, run the following command: 
      

      bash 
      

      chsec -f /etc/security/login.cfg -s usw -a "pwd_algorithm=ssha256"

    This sets the password algorithm to ssha256, ensuring stronger password hashing. However, this should not prevent you from resetting your root password if your system has been running on another algorithm previously.

    5. Ensure Password Requirements Are Met

    The error messages you've seen suggest a conflict between the password policy and your entered password. When creating the new password, ensure:

    • The password is at least 10 characters long.
    • It contains at least one lowercase letter, one numeric digit, and one special character.
    • Avoid having more than 8 repeated characters.
    • Ensure you follow the exact password rules defined in /etc/security/login.cfg.

    6. Restart the System

    Once the password is updated and the policies are correct, you can reboot the system to access it normally.

    

    bash 
    

    reboot

    Summary of Steps:

    1. Boot into Single-User Mode.
    2. Reset the root password in single-user mode using passwd root.
    3. Verify the password policies in /etc/security/login.cfg and ensure the minlen is set to 10.
    4. Optionally, run the chsec command to set the SSHA256 password algorithm if necessary.
    5. Ensure the password meets all policy requirements.
    6. Reboot the system and attempt to log in again.


    ------------------------------
    Saif Ali Sabri
    ------------------------------

    Original Message


  • 6.  RE: AIX PASSWORD LENGTH LARGER 8

    Posted Wed December 18, 2024 04:06 AM

    Should I tell you that the answer is wrong?



    ------------------------------
    Andrey Klyachkin

    https://www.power-devops.com
    ------------------------------

    Original Message


  • 7.  RE: AIX PASSWORD LENGTH LARGER 8

    Posted Fri December 20, 2024 10:40 AM

    There's no point, he's clearly going to keep spamming the forums.  Still trying to figure out what is idea is.

    Youtube profile of yoga videos.
    Linkedin profile with ERP nonsense, Dell spam links, and generic news/other without a single comment.
    Facebook profile looks like a clone of the linkedin profile.

    Seems to be trying to set himself up as the "AI Man", but he's clearly unable to understand what the AI is spitting out, and he's just pasting without thinking.



    ------------------------------
    José Pina Coelho
    IT Specialist at Kyndryl
    ------------------------------

    Original Message


  • 8.  RE: AIX PASSWORD LENGTH LARGER 8

    Posted Wed December 18, 2024 12:39 AM

    Steps to Modify Password Policies on AIX 7.3

    1. Edit the /etc/security/user File

    Use a text editor like vi to open the file:

    

    bash
    

    

    

    

    

    

    vi /etc/security/user

    2. Modify the Password Length

    • To change the minimum password length, locate or add the minlen attribute under the default stanza (or user-specific stanza if needed): 
      

      arduino
      

      

      

      

      

      

      default:
    minlen = 8
      Change 8 to the desired value (e.g., 10 for a 10-character minimum).

    3. Adjust Additional Password Policies

    Depending on the client's requirements, you might also need to configure these attributes:

    • minalpha: Minimum number of alphabetic characters required.
    • minother: Minimum number of non-alphabetic characters required.
    • minalpha: Minimum number of alphabetic characters required in the password.
    • maxrepeats: Maximum number of repeated characters allowed.
    • histsize: Number of previous passwords remembered.
    • mindiff: Minimum number of characters that must differ from the previous password.

    Example:

    

    arduino
    

    

    

    

    

    

    <sider-code-explain id="sider-code-explain" data-gpts-theme="light"></sider-code-explain>default:
    minlen = 10
    minalpha = 2
    minother = 2
    maxrepeats = 2
    histsize = 10
    mindiff = 4

    4. Save and Exit

    Save changes and exit the editor:

    • Press ESC.
    • Type :wq and hit Enter.

    5. Test the Changes

    Create or change a user's password to ensure the policies are enforced:

    

    bash
    

    

    

    

    

    

    passwd <username>

    6. Restart Necessary Services (if required)

    Although changes usually take effect immediately, you may restart services to ensure all policies are applied:

    

    bash
    

    

    

    

    

    

    chuser registry=files <username>

    Key Points to Consider

    • Default vs. User-specific Settings: Changes in the default stanza apply to all users unless overridden in individual user stanzas.
    • Security Compliance: Ensure the password policy complies with your organization's or client's security guidelines.
    • Backup the Configuration File: Always create a backup of the /etc/security/user file before making changes: 
      

      bash
      

      

      

      

      

      

      cp /etc/security/user /etc/security/user.bak


    ------------------------------
    Saif Ali Sabri
    Implementations ERP
    eBiz Portal
    Faisalabad
    +923007960782
    ------------------------------

    Original Message


  • 9.  RE: AIX PASSWORD LENGTH LARGER 8

    Posted Wed December 18, 2024 08:09 AM
    Edited by Andreas Neuper Sat December 21, 2024 08:14 AM

    Hi Dai David,

    I saw, that you already mentioned AIX Security: Change maximum length of user name, group name, or password, where item "4)" of the second part "Password maximum length" exactly describes your problem. You doubted the importance of a new password algorithm, while the grey box (and the note) before the displayed error-message describes the reason. you see your result (with 15 instead of 10) and why you should not use the default DES/crypt algorithm: "The crypt function only uses the first 8 characters of a password."  I believe, that the algorithm immediately encrypts the password while entering and only returns which rules were not fulfilled. 

    Did you already gain access to the system again?

    Merry Xmas

    ------------------------------
    AN
    ------------------------------

    Original Message


  • 10.  RE: AIX PASSWORD LENGTH LARGER 8

    Posted Tue December 24, 2024 07:39 PM

    Hi Andreas Neuper

          Saif Ali Sabri  have gived us  the right way .

    1. Boot into Single-User Mode.
    2. Reset the root password in single-user mode using passwd root.
    3. Verify the password policies in /etc/security/login.cfg and ensure the minlen is set to 10.
    4. Optionally, run the chsec command to set the SSHA256 password algorithm if necessary.
    5. Ensure the password meets all policy requirements.
    6. Reboot the system and attempt to log in again.

        Thanks everyone .



    ------------------------------
    dai david
    ------------------------------

    Original Message