How to Set Stronger Password Constraints

Use this procedure if the defaults do not satisfy your site security requirements. The steps are in the order of the variable entries in the /etc/default/passwd file.

Before You Begin

You must become an administrator who is assigned the solaris.admin.edit/etc/default/passwd authorization. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

• Use the pfedit command to make the following changes in the /etc/default/passwd file:
  1. Require users to change their passwords every four months, but not more frequently than every three weeks.

     ## /etc/default/passwd
     ##
     #MAXWEEKS=
     #MINWEEKS=
     MAXWEEKS=13
     MINWEEKS=3

  2. Require a password of at least eight characters.

     #PASSLENGTH=6
     PASSLENGTH=8

  3. Keep a password history.

     #HISTORY=0
     HISTORY=10

  4. Require a minimum difference from the last password.

     #MINDIFF=3
     MINDIFF=4

  5. Require at least one uppercase letter.

     #MINUPPER=0
     MINUPPER=1

  6. Require at least one digit.

     #MINDIGIT=0
     MINDIGIT=1

See also

• For the list of variables that constrain password creation, see the passwd(1) man page.

• For the password constraints in effect after installation, see System Access Is Limited and Monitored.