HP Sentry User Manual

SENTRY User’s Guide

Section 3 - 5

Fitzgerald & Long

Minimum Password Length - This is a UNIX defined parameter as well as one used by SENTRY
when new users are created. Passwords may be 0 (zero) to “your maximum value” in length. However,
most UNIX systems do not recognize more than 8 (eight) characters. More than 8 are ignored. The
recommended and default value for this field is 6. Using at least 6 characters decreases the possibility that
someone might guess a password or that a “break-in” might occur through computer generated guesses. A
six character password is also short enough so that a user is not overly taxed to remember it (without
writing it down).

Maximum Password Length - The UNIX limit is normally 8 characters. However, your system may
simply ignore any characters after the eighth one. The default and recommended value for this field is 8.
This field accepts only integer values 0 - 16. The maximum value must be equal to or greater than the
minimum password length value.

Enable Password Aging - This is a SENTRY value used by the program through which you create
new users. Some versions of UNIX support password aging. On these systems, the System
Administrator can set a minimum number of weeks before a user is allowed to change his password and a
maximum number of weeks after which the user is forced to change his password. This functionality may
also allow the System Administrator to determine if a user is allowed to change his own password or
whether only the System Administrator is allowed to change it. When this field is set to “Y”es, the
program for creating new users will prompt for a “Password Lifetime”. The default and recommended
value for this field is “Y” if your version of UNIX supports this functionality.

Password Life Default - This field is also used by the program through which you create new users, if
password aging is enabled through the previous field. If your version on UNIX supports this functionality
you may set a minimum and maximum number of weeks for the password life. The minimum is the
number of weeks before which the user CANNOT change his password and the maximum is the number of
weeks until the user is FORCED to change his password. The value entered here is used as the default
value in the User Profile data entry screen to assist you in creating “normal” users with a consistent set of
parameters and to eliminate a few key strokes when creating a new user. You may select “INF” (infinite)
which means there are no requirements for changing passwords at the default level. “INF” should be
entered if password aging is not enabled in the previous field. You will still be able to set password life
parameters in the User Profile screen. You may select 0 to 63 as a maximum and 0 to 63 as a minimum.
Enter the maximum and minimum separated by spaces - for example “12,2”. To insure that a user MUST
change his password the first time he logs in use “0,0” if you wish this to be the default.

Password Format Mask - This field is used by the User Profile data entry screen if you use
SENTRY’s generate new password option in the password field. If you plan to use this functionality you
may select a “mask” of either ALPHA or ALPHANUM which generates either alphabetic or alphanumeric
passwords. SENTRY will generate either a string of alphabetic characters such that the password format
is alternating consonant/vowel for the length of the string defined by the Minimum Password Length
(selection 2 in this screen), or a string of characters beginning with an alphabetic character and containing
at least one numeric. If this field is set to ALPHA, only alphabetic characters will be used. If the field is
set

to ALPHANUM, the generated password will contain at least one