You can enforce password requirements for locally authenticated
users by using the Hardware Management Console (HMC). The enhanced password
policy function allows the system administrator to set password restrictions.
The enhanced password policy applies to the systems that have HMC installed.
With the enhanced password policy, system administrators can define
a single password policy for all users. The
HMC provides a medium security
password policy, which can be activated by the system administrators
to set password restrictions. The system administrator activates the
medium security policy or a new user-defined policy. The
HMC medium security password
policy cannot be removed from the system. The following table lists
the attributes of the medium security policy and the default values.
Table 1. Password attributes for the HMC medium security password
policy| Attribute |
Description |
Default value |
|---|
| min_pwage |
The minimum number of days a password must remain
active |
1 |
| pwage |
The maximum number of days a password might
remain active |
180 |
| min_length |
The minimum length of a password |
8 |
| hist_size |
The number of previous passwords saved that
might not be reused |
10 |
| warn_pwage |
The number of days a user is warned that the
password is about to expire |
7 |
| min_digits |
The number of digits required to be used in
the password |
None |
| min_uppercase |
The number of characters that must be uppercase |
1 |
| min_lowercase |
The number of characters that must be lowercase |
6 |
| min_special_chars |
The number of special characters that must be
in the password |
None |
Notes: - The HMC medium
security password policy does not apply to the hscroot, hscpe,
and root user IDs.
- The HMC medium
security password policy affects only the locally authenticated users
that are managed on the HMC and
cannot be enforced on LDAP or Kerberos users.
- The HMC medium
security password policy or the user-defined policy allows the system
administrators to set the restriction on password reuse.
- The HMC medium
security password is read-only and the attributes of HMC medium security password
cannot be changed. You can create a new user-defined password to set
password restriction.
The
HMC medium
security password policy can be configured by using the command-line
interface (CLI). You can use the following commands to configure the
HMC medium security password
policy:
- mkpwdpolicy
- The mkpwdpolicy command adds a new password
policy by importing the policy from a file, which contains all the
parameters, or by creating the policy from the CLI.
- lspwdpolicy
- The lspwdpolicy command lists all the available
password policy profiles and searches for specific parameters. You
can also view the current active policy.
- rmpwdpolicy
- The rmpwdpolicy command removes an existing
inactive password policy.
Note: You cannot remove an active medium
security policy and the default read-only policy.
- chpwdpolicy
- The rmpwdpolicy command changes parameters
in an inactive password policy.
Subscribe to this information