test

Solaris Naming Administration Guide

The /etc/defaults/passwd File

The /etc/defaults/passwd file is used to set four general password defaults for users whose nsswitch.conf file points to files. The defaults set by the /etc/defaults/passwd file apply only to users whose operative password information is taken from /etc files; they do not apply to anyone using either NIS maps or NIS+ tables. An /etc/defaults/passwd file on an NIS+ server only affects local users who happen to be obtaining their password information from those local files. An /etc/defaults/passwd file on an NIS+ server has no effect on the NIS+ environment or users whose nsswitch.conf file points to either nis or nisplus.

The four general password defaults governed by the /etc/defaults/passwd file are:

The following principles apply to defaults set with an /etc/defaults/passwd file:

By default, /etc/defaults/passwd files already contain the entries:


MAXWEEKS=
MINWEEKS=
PASSLENGTH=

To implement an entry, simply type the appropriate number after the equal sign. Entries that do not have a number after the equal sign are inactive and have no affect on any user. Thus, to set a MAXWEEKS default of 4, you would change the /etc/defaults/passwd file to read:


MAXWEEKS=4
MINWEEKS=
PASSLENGTH=

Maximum Weeks

You can use the MAXWEEKS default in the /etc/defaults/passwd file to set the maximum number of weeks that a user's password is valid. To set a default maximum time period, type the appropriate number of weeks after the equal sign on the MAXWEEKS=line:


MAXWEEKS=N

Where N is a number of weeks. For example, MAXWEEKS=9.

Minimum Weeks

You can use the MINWEEKS default in the /etc/defaults/passwd file to set the minimum number of weeks that must pass before a user can change passwords. To set a default minimum time period, type the appropriate number of weeks after the equal sign on the MINWEEKS= line:


MINWEEKS=N

Where N is a number of weeks. For example, MINWEEKS=2.

Warning Weeks

Note -

This is no point in setting a WARNWEEKS default unless you also set a MAXWEEKS default.

You can add a WARNWEEKS default to the /etc/defaults/passwd file to set the number of weeks prior to a password becoming invalid due to aging that the user is warned. For example, if you have set the MAXWEEKS default to 9, and you want users to be warned two weeks before their passwords become invalid, you would set the WARNWEEKS default to 7.

Remember that WARNWEEKS are counted forward from the date of the user's last password change, not backward from the MAXWEEKS expiration date. Thus, WARNWEEKS must always be less than MAXWEEKS and cannot be equal to or greater than MAXWEEKS.

Note -

A WARNWEEKS default will not work unless there is also a MAXWEEKS default.

To set the warning time period, type the appropriate number of weeks after the equal sign on the WARNWEEKS= line:


	WARNWEEKS=N

Where N is a number of weeks. For example, WARNWEEKS=1.

Minimum Password Length

By default, the passwd command assumes a minimum length of six characters. You can use the PASSLENGTH default in the /etc/defaults/passwd file to change that by setting the minimum number of characters that a user's password must contain to some other number.

To set the minimum number of characters to something other than six, type the appropriate number of characters after the equal sign on the PASSLENGTH= line:


PASSLENGTH=N

Where N is a number of characters. For example, PASSLENGTH=7.