- ABORT_LOGIN_ON_MISSING_HOMEDIR
This parameter controls login behavior if a user's home directory
does not exist. This is applicable only for non-root users.
ABORT_LOGIN_ON_MISSING_HOMEDIR=0
Login with '/' as the home directory if the user's home directory
does not exist.
ABORT_LOGIN_ON_MISSING_HOMEDIR=1
Exit the login session if the user's home directory does not exist.
Default value:
ABORT_LOGIN_ON_MISSING_HOMEDIR=0
- MIN_PASSWORD_LENGTH
This parameter controls the minimum length of new passwords.
It is not applicable to the root user on a untrusted system.
MIN_PASSWORD_LENGTH=N
New passwords must contain at least
N
characters.
For untrusted systems
N
can be any value from 6 to 8.
For trusted systems
N
can be any value from 6 to 80.
Default value:
MIN_PASSWORD_LENGTH=6
- NOLOGIN
This parameter controls whether non-root login
can be disabled by the
/etc/nologin
file.
NOLOGIN=0
Ignore the
/etc/nologin
file and do not
exit if the
/etc/nologin
file exists.
NOLOGIN=1
Display the contents of the
/etc/nologin
file and exit if the
/etc/nologin
file exists.
Default value:
NOLOGIN=0
- NUMBER_OF_LOGINS_ALLOWED
This parameter controls the number of logins
allowed per user. This is applicable only
for non-root users.
NUMBER_OF_LOGINS_ALLOWED=0
Any number of logins are allowed per user.
NUMBER_OF_LOGINS_ALLOWED=N
N
number of logins are allowed per user.
Default value:
NUMBER_OF_LOGINS_ALLOWED=0
- PASSWORD_HISTORY_DEPTH
This parameter controls the password history
depth. A new password is checked only against
the number of most recently used passwords
stored in password history for a particular user.
A user is not allowed to re-use a previously used
password.
PASSWORD_HISTORY_DEPTH=N
A new password is checked against only the
N
most recently used passwords for a particular user.
A configuration of password history depth of 2
prevents users from alternating between two passwords.
The maximum password history depth supported is 10
and the minimum password history depth supported is 1.
A depth configuration of more than 10 will be treated
as 10, and a depth configuration of less than 1 will
be treated as 1.
The password history depth configuration is on a
system basis and is supported in trusted system
for users in files repository only. This feature
does not support the users in
NIS
or
NISPLUS
repositories. Once the feature is enabled, all
the users on the system are subject to the same
check. If this parameter is not configured, the
password history check feature is automatically
disabled. When the feature is disabled, the
password history check depth is set to 1.
A password change is subject to all of the other
rules for a new password including a check with
the current password.
Default value:
PASSWORD_HISTORY_DEPTH=1
- PASSWORD_MAXDAYS
This parameter controls the default maximum number of
days that passwords are valid.
This parameter applies only to local users and does
not apply to Trusted Systems.
The
passwd -x
option can be used to override this value for a specific user.
PASSWORD_MAXDAYS=N
A new password is valid for up to
N
days, after which the password must be changed.
Default value:
PASSWORD_MAXDAYS=-1
password aging is turned off.
- PASSWORD_MINDAYS
This parameter controls the default minimum number of
days before a password can be changed. This parameter
applies only to local users and does not apply to
Trusted Systems. The
passwd -n
option can be used to override this value for a specific user.
PASSWORD_MINDAYS=N
A new password cannot be changed
until at least
N
days since it was last changed.
Default value:
PASSWORD_MINDAYS=0
- PASSWORD_WARNDAYS
This parameter controls the default number of days
before password expiration that a user is to be warned
that the password must be changed. This parameter
applies only to local users on Shadow Password systems.
The
passwd -w
option can be used to override this value for a specific user.
PASSWORD_WARNDAYS=N
Users are warned
N
days before their password expires.
Default value:
PASSWORD_WARNDAYS=0
(no warning)
- SU_ROOT_GROUP
This parameter defines the root group name
for the
su
command.
Refer to
su(1).
SU_ROOT_GROUP=group_name
The root group name is set to the specified
symbolic group name. The
su
command
enforces the restriction that a non-superuser
must be a member of the specified root group
in order to be allowed to
su
to root.
This does not alter password checking.
Default value: If this parameter is not defined or
if it is commented out, there is no default value.
In this case, a non superuser
is allowed to
su
to root without being bound
by root group restrictions.
- SU_DEFAULT_PATH
This parameter defines a new default PATH environment
value to be set when
su
to a non-superuser account is done.
Refer to
su(1).
SU_DEFAULT_PATH=new_PATH
The PATH environment variable is set to
new_PATH
when the
su
command is invoked. Other environment values are
not changed. The path value is not validated.
This parameter does not apply to a superuser account, and is
applicable only when the "-" option is not used along with
su
command.
Default value: PATH is not changed.
- UMASK
This parameter controls
umask(2)
of all sessions initiated via
pam_unix(5).
It accepts values from 0 to 0777 as an unsigned octal
integer (leading zero can be omitted).
UMASK=default_umask
The umask is set or restricted further with the value of
default_umask.
Default value:
UMASK=0
Printable version
