Novell is now a part of Micro Focus

Setting Longer Solaris Passwords with IDM

Novell Cool Solutions: Tip
By Jeremy Grieshop

Digg This - Slashdot This

Posted: 23 May 2007


A Forum reader recently asked:

"We're implementing the Unix driver to Solaris10 with IDM 3.5. Everything works great except the length of the password set in Solaris. The Solaris system has been modified to allow greater than 8-character passwords by modifying the /etc/security/policy.conf file to use MD5 encryption instead of the native Unix. Passwords can be changed to greater than 8 characters with the usual passwd command, but the driver script uses the nxpwdpa command, which apparently doesn't use the password configuration file to allow the greater length. Despite much searching, we can't find any information on how we can force the driver to use the same encryption, thus allowing longer passwords. There's reference in the to using nxutil for the MD5/Cypt generator, or is this unrelated to this issue? Is there a way for IDM to use the defined encryption so that longer passwords can be used?"

And here's the response from Jeremy Grieshop ...


For NIS, the nxpwdpa updates the password on the local passwd/shadow map. If you specify the "-m" flag for this call, it should use md5 style passwords. In globals, set DASHMD5=-m and the call to nxpwdpa will use the flag:

# finally, update the password

The crypt configuration is in /etc/security/policy.conf. The should look here and set DASHMD5 based on its content.

Without NIS, it works the same way, with the -m parameter. You can put the "-m" in the script itself. By placing it in, it updates both the and, where SETPASSWORD is called. The just provides a single place where properties that may be shared by multiple scripts. That way, minimal search and replace is done, and the scripts are easier to maintain.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates