HP Sentry User Manual

SENTRY User’s Guide

Section 2 - 5

Fitzgerald & Long

1. Null Passwords Allowed - The default of this field is “N”. When set to “N”o, each user must have
a password. If this field is set to “Y”es, you may create a user with a null password. For good security,
passwords should be mandatory. This field controls the data entry program for creating new users. When
creating a new user through the SENTRY data entry programs you will be REQUIRED to enter a
password for the user or allow SENTRY to generate one for you if this field is set to “N”. This is not a
UNIX parameter. It is used only by SENTRY. This field accepts the values “Y” or “N”.

2. Minimum Password Length - This is a UNIX parameter as well as one used by SENTRY when
new users are created. The minimum password length may be 0 (zero) to “your maximum value” in
length. However, most UNIX systems do not recognize more than 8 (eight) characters. More than 8 are
ignored. The recommended and default value for this field is 6. Using at least 6 characters decreases the
possibility that someone might guess a password or that a “break-in” might occur through computer
generated guesses. A six character password is also short enough so that a user is not overly taxed to
remember it (without writing it down). This field accepts only integer values 0 - 16.

3. Maximum Password Length - The UNIX limit is normally 8 characters. Your system may simply
ignore any characters after the eighth one. The default and recommended value for this field is 8. This
field accepts only integer values 0 - 16. The maximum value must be equal to or greater than the minimum
password length value.

4. Enable Custom User Attributes: - Because the various flavors of UNIX offer different options for
controlling passwords and login ids, Sentry manages these options via the “Custom User Attributes”
interface. When your version of Sentry was installed this parameter was set to “Y” if your system offered
additional options which most every system does.

5. Password Format Mask - This field is used by the User Profile data entry screen if you use
SENTRY’s generate new password option in the password field. If you plan to use this functionality you
may select a “mask” of either ALPHA or ALPHANUM which generates either alphabetic or alphanumeric
passwords. SENTRY will generate either a string of alphabetic characters such that the password is
alternating consonants and vowels for the length of the string defined by the Minimum Password Length
(selection 2 in this screen), or a string of characters beginning with an alphabetic character and containing
at least one numeric. If this field is set to null or ALPHA, only alphabetic characters will be used. If the
field is set to ALPHANUM, the generated password will contain at least one embedded numeric. The
default and recommended value is ALPHA which will generate a string of alphabetic characters, the length
defined by the Minimum Password Length field. If the minimum length field is 0 or null, a password of 6
characters will be used unless otherwise specified when the “G”enerate command is used in the password
field of the User Profile data entry screen.

You may also control the case of generated passwords by adding either “,LC” or “,UC” to the password
format field. The default is for generated passwords to be all lower case.

Many UNIX systems require that passwords must meet the following requirements:

•

Each password must have at least six characters. Only the first eight characters are significant.