NAME
security — security defaults configuration file
DESCRIPTION
A number of system commands and features are configured based
on certain parameters defined in the /etc/default/security
configuration file.
This file must be world readable and root writable.
Each line in the file is treated either as a comment or as
configuration information for a given system command or feature.
Comments are denoted by a # at the beginning of a line. Noncomment
lines are of the form, parameter=value.
If any parameter is not defined or is commented out in this file,
the default behavior detailed below will apply.
Parameter definitions, valid values, and defaults are defined as
follows:
- ABORT_LOGIN_ON_MISSING_HOMEDIR
This parameter controls login behavior if a user's home directory
does not exist. This is applicable only for non-root users.
ABORT_LOGIN_ON_MISSING_HOMEDIR=0
Login with '/' as the home directory if the user's home directory
does not exist.
ABORT_LOGIN_ON_MISSING_HOMEDIR=1
Exit the login session if the user's home directory does not exist.
Default value:
ABORT_LOGIN_ON_MISSING_HOMEDIR=0
- MIN_PASSWORD_LENGTH
This parameter controls the minimum length of new passwords.
It is not applicable to the root user on an untrusted system.
MIN_PASSWORD_LENGTH=N
New passwords must contain at least N characters.
For untrusted systems N can be any value from 6 to 8.
For trusted systems N can be any value from 6 to 80.
Default value:
MIN_PASSWORD_LENGTH=6
- NOLOGIN
This parameter controls whether non-root login
can be disabled by the /etc/nologin file.
NOLOGIN=0
Ignore the /etc/nologin file and do not
exit if the /etc/nologin file exists.
NOLOGIN=1
Display the contents of the /etc/nologin file and
exit if the /etc/nologin file exists.
Default value:
NOLOGIN=0
- NUMBER_OF_LOGINS_ALLOWED
This parameter controls the number of logins
allowed per user. This is applicable only
for non-root users.
NUMBER_OF_LOGINS_ALLOWED=0
Any number of logins are allowed per user.
NUMBER_OF_LOGINS_ALLOWED=N
N logins are allowed per user.
Default value:
NUMBER_OF_LOGINS_ALLOWED=0
- PASSWORD_HISTORY_DEPTH
This parameter controls the password history
depth. A new password is checked only against
the number of most recently used passwords
stored in password history for a particular user.
A user is not allowed to re-use a previously used
password.
PASSWORD_HISTORY_DEPTH=N
A new password is checked against only the N
most recently used passwords for a particular user.
A configuration of password history depth of 2
prevents users from alternating between two passwords.
The maximum password history depth supported is 10
and the minimum password history depth supported is 1.
A depth configuration of more than 10 will be treated
as 10, and a depth configuration of less than 1 will
be treated as 1.
The password history depth configuration is on a
system basis and is supported on trusted systems
for users in the files repository only. This feature
does not support users in the NIS or NISPLUS
repositories. Once the feature is enabled, all
the users on the system are subject to the same
check. If this parameter is not configured, the
password history check feature is automatically
disabled. When the feature is disabled, the
password history check depth is set to 1.
A password change is subject to all of the other
rules for a new password including a check with
the current password.
Default value:
PASSWORD_HISTORY_DEPTH=1
- SU_ROOT_GROUP
This parameter defines the root group name
for the su command.
Refer to su(1).
SU_ROOT_GROUP=group_name
The root group name is set to the specified
symbolic group name. The su command
enforces the restriction that a non-superuser
must be a member of the specified root group
in order to be allowed to su to root.
This does not alter password checking.
Default value: If this parameter is not defined or
if it is commented out, there is no default value.
In this case, a non-superuser is allowed to su to root
without being bound by root group restrictions.
- SU_DEFAULT_PATH
This parameter defines a new default PATH environment
value to be set when su is invoked.
Refer to su(1).
SU_DEFAULT_PATH=new_PATH
The PATH environment variable is set to new_PATH when the su
command is invoked. Other environment values are
not changed. The path value is not validated. This is
applicable only when the "-" option is not used with the su
command.
Default value: PATH is not changed.
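An added example, not part of the original manual page or HP's code: a small Python auditor that applies the rules above (comment lines, documented defaults, the 1 to 10 treatment of PASSWORD_HISTORY_DEPTH, the MIN_PASSWORD_LENGTH ranges) to the contents of a security file and reports the effective settings. The function names, the SAMPLE text, the fallback to the default on a non-numeric value, and the check for non-absolute SU_DEFAULT_PATH entries are assumptions of this example.

```python
DEFAULTS = {  # defaults documented above; the SU_* parameters have none
    "ABORT_LOGIN_ON_MISSING_HOMEDIR": "0", "MIN_PASSWORD_LENGTH": "6",
    "NOLOGIN": "0", "NUMBER_OF_LOGINS_ALLOWED": "0",
    "PASSWORD_HISTORY_DEPTH": "1",
}

def parse(text):
    """Collect parameter=value lines; a '#' at the start of a line is a comment."""
    params = {}
    for line in text.splitlines():
        if line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params

def audit(text, trusted=False):
    """Return (effective settings, findings) for the given file contents."""
    eff, findings = {**DEFAULTS, **parse(text)}, []
    for key in DEFAULTS:  # the parameters with defaults are all numeric
        try:
            eff[key] = int(eff[key])
        except ValueError:  # assumption of this example: fall back to the default
            findings.append(f"{key}={eff[key]!r} is not a number")
            eff[key] = int(DEFAULTS[key])
    depth = eff["PASSWORD_HISTORY_DEPTH"]
    eff["PASSWORD_HISTORY_DEPTH"] = clamped = min(10, max(1, depth))  # documented bounds
    if depth != clamped:
        findings.append(f"PASSWORD_HISTORY_DEPTH={depth} is treated as {clamped}")
    # Documented range: 6..8 on untrusted systems, 6..80 on trusted systems.
    minlen, limit = eff["MIN_PASSWORD_LENGTH"], 80 if trusted else 8
    if not 6 <= minlen <= limit:
        findings.append(f"MIN_PASSWORD_LENGTH={minlen} is outside 6..{limit}")
    if "SU_ROOT_GROUP" not in eff:
        findings.append("SU_ROOT_GROUP unset: su to root has no group restriction")
    # The path value is not validated, so flag empty or relative entries here.
    for part in eff.get("SU_DEFAULT_PATH", "/").split(":"):
        if not part.startswith("/"):
            findings.append(f"SU_DEFAULT_PATH has non-absolute entry {part!r}")
    return eff, findings

# Constructed sample contents, not taken from a real system.
SAMPLE = """\
#NOLOGIN=1
MIN_PASSWORD_LENGTH=12
PASSWORD_HISTORY_DEPTH=25
SU_DEFAULT_PATH=/usr/bin:.:/usr/sbin
"""
if __name__ == "__main__":
    print(*audit(SAMPLE)[1], sep="\n")
```

Pass trusted=True when auditing a trusted system so that the 6 to 80 range is applied to MIN_PASSWORD_LENGTH.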
AUTHOR
security was developed by HP.