
Password Policy in AIX 5.3

  • 1.  Password Policy in AIX 5.3

    Posted Mon June 19, 2006 01:16 AM

    Originally posted by: SystemAdmin


    I would like to set a password policy which has the following:
    Minimum 2 alphabetical characters
    Minimum 2 digits
    Minimum 2 special characters
    #AIX-Forum


  • 2.  Re: Password Policy in AIX 5.3

    Posted Mon June 19, 2006 07:38 AM

    Originally posted by: SystemAdmin


    As it comes out of the box you can't do this. AIX has the attributes "minalpha" and "minother" where other means non-alphabetic, hence including both numeric and special characters together. It also has "mindiff" to specify how many unique characters are required. To do what you want you'd need to code a program, known as a "method" in the doc.
    Question for you. Why do you feel this is necessary for non-root users?

    Regards,
    Jim Lane
    #AIX-Forum
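
The limitation described in the reply above (minother counts digits and special characters together) is what a custom checking routine has to close. The following is an added example, not code from this thread or from IBM: a C function that counts the three classes separately and enforces the 2/2/2 rule from the first post. The function name, message strings and return convention (0 accept, 1 reject, -1 internal error, modelled on the four-argument shape of AIX's pwdrestrict_method interface) are assumptions to confirm against the AIX documentation for your level.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Policy from the first post: 2 letters, 2 digits, 2 special characters. */
enum { MIN_ALPHA = 2, MIN_DIGIT = 2, MIN_SPECIAL = 2 };

struct pw_classes { int alpha, digit, special; };

/* Count each class on its own; minother would merge digits and specials. */
static struct pw_classes classify(const char *pw)
{
    struct pw_classes c = {0, 0, 0};
    const unsigned char *p;
    for (p = (const unsigned char *)pw; *p != '\0'; p++) {
        if (isalpha(*p))      c.alpha++;
        else if (isdigit(*p)) c.digit++;
        else if (ispunct(*p)) c.special++;
        /* spaces and control characters count toward no class */
    }
    return c;
}

/* Hypothetical check routine (name and messages are assumptions).
 * Returns 0 = accept, 1 = reject, -1 = internal error. On reject,
 * *message gets a malloc'd explanation that the caller frees. */
int check_password_classes(const char *user, const char *newpw,
                           const char *oldpw, char **message)
{
    struct pw_classes c;
    const char *why = NULL;

    (void)user; (void)oldpw;          /* unused by this policy */
    if (message) *message = NULL;
    if (newpw == NULL) return -1;

    c = classify(newpw);
    if (c.alpha < MIN_ALPHA)          why = "need at least 2 letters";
    else if (c.digit < MIN_DIGIT)     why = "need at least 2 digits";
    else if (c.special < MIN_SPECIAL) why = "need at least 2 special characters";
    if (why == NULL) return 0;

    if (message) {
        *message = malloc(strlen(why) + 1);
        if (*message == NULL) return -1;
        strcpy(*message, why);
    }
    return 1;
}
```

With this rule, passwords such as abc123 or a digits-only string are rejected because they contain no special characters, which a minalpha/minother setting alone cannot express.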


  • 3.  Re: Password Policy in AIX 5.3

    Posted Mon June 19, 2006 09:04 AM

    Originally posted by: SystemAdmin


    Thanks for the reply. What does the method look like, and which keyword in the /etc/security/user file defines this method?

    The answer to the question is that it is basically for the root user that I would like to set this, and not for a user, but it would also be better if I could set it for users so that a hacker does not hack the system using a normal user account and then get root access.
    #AIX-Forum


  • 4.  Re: Password Policy in AIX 5.3

    Posted Tue June 20, 2006 02:59 PM

    Originally posted by: SystemAdmin


    It strikes me that you're making this a lot more complicated than it needs to be. The fact that you're mostly interested in the root user is a good thing. Since you're asking the question I can only assume you are the root user. I find it hard to imagine why you need to be writing extensions to the operating system to enforce security rules on yourself. Get a random password generator and go from there.
    #AIX-Forum


  • 5.  Re: Password Policy in AIX 5.3

    Posted Wed June 21, 2006 06:52 AM

    Originally posted by: SystemAdmin


    There was a question from one of our clients asking how a password can be checked to ensure that it is going to accept at least 1 special character. As per minother, even if the root user enters only digits, it will allow the password to be set.
    #AIX-Forum


  • 6.  Re: Password Policy in AIX 5.3

    Posted Thu August 24, 2006 03:59 PM

    Originally posted by: SystemAdmin


    > There was a question from one of our clients asking
    > how a password can be checked to ensure that it is
    > going to accept at least 1 special character. As per
    > minother, even if the root user enters only digits, it
    > will allow the password to be set.

    The root user has to have a way to enter an arbitrary password, including one that violates any policy that might be set. Since the root user is able to change the password files directly there's no loss in security.
    #AIX-Forum


  • 8.  Re: Password Policy in AIX 5.3

    Posted Mon June 19, 2006 11:21 AM

    Originally posted by: SystemAdmin


    In that case, you might set a single group that includes users that can su to root. The parameter for this is sugroups, and you will find it in /etc/security/user.

    Some of the key parameters that you can set in /etc/security/user include:
    minalpha = 0
    minother = 0
    minlen = 0
    mindiff = 0
    maxrepeats = 8
    dictionlist =
    You can also plug in your own checking routines for passwords.
    Perhaps the easiest way to check is through smit and see what changes.

    #AIX-Forum


  • 9.  Re: Password Policy in AIX 5.3

    Posted Mon June 19, 2006 01:06 PM

    Originally posted by: SystemAdmin


    minalpha, minother, mindiff: all these can be used to set restrictions on the password but cannot stop users from choosing passwords like abc123 or ab1234, which are the most common passwords. I would like users to avoid choosing such passwords.

    How can I write a password checking method and also enable the method?
    #AIX-Forum


  • 10.  Re: Password Policy in AIX 5.3

    Posted Mon June 19, 2006 05:00 PM

    Originally posted by: SystemAdmin


    Check out this other forum post:
    http://unix.ittoolbox.com/groups/technical-functional/ibm-aix-l/password-security-424766

    Make sure at AIX 5.3 that you have APAR IY69685 and maybe IY33478
    #AIX-Forum