Enter the following additional information for the password of a user account in an AIX system. This data is mapped in /etc/security/user.
Table 23: Password data for user accounts in an AIX system
| Property | Description |
| --- | --- |
| minlen | Minimum number of characters a password must have. (Parameter minlen). |
| maxrepeats | Maximum number of characters that can be repeated in passwords. The default value 8 specifies that a maximum has not been fixed. (Parameter maxrepeats). |
| mindiff | Minimum number of unique characters that passwords must contain. (Parameter mindiff). |
| minalpha | Specifies the minimum number of alphabetical characters the password must contain. (Parameter minalpha). |
| minloweralpha | Specifies the minimum number of lowercase letters the password must contain. (Parameter minloweralpha). |
| minupperalpha | Specifies the minimum number of uppercase letters the password must contain. (Parameter minupperalpha). |
| mindigit | Specifies the minimum number of digits the password must contain. (Parameter mindigit). |
| minspecialchar | Specifies the minimum number of special characters the password must contain. (Parameter minspecialchar). |
| minother | Specifies the minimum number of non-alphabetical characters a new password must contain. (Parameter minother). |
| dictionlist | Dictionary file of passwords that are not allowed. (Parameter dictionlist). |
| histexpire | Number of weeks before a password can be reused. (Parameter histexpire). |
| histsize | Number of password iterations allowed before an old password can be used again. (Parameter histsize). |
| minage | Minimum number of weeks before a password can be changed. (Parameter minage). |
| maxage | Maximum number of weeks before a password must be changed. (Parameter maxage). |
| maxexpired | Maximum number of weeks beyond maxage that an expired password can be changed by the user. (Parameter maxexpired). |
| pwdchecks | Methods to apply to new passwords that check the password quality. The value contains a comma-delimited list of method names. (Parameter pwdchecks). |
| pwdwarntime | Number of days before the system issues a warning that a password change is required. (Parameter pwdwarntime). |
Enter the following additional security-related information for a user account in an AIX system. This data is mapped in /etc/security/user.
Table 24: Additional security-related data for user accounts in an AIX system
| Property | Description |
| --- | --- |
| account_locked | Specifies whether the user account is locked. (Parameter account_locked). |
| admin | Specifies the administrative status of the user. (Parameter admin). |
| admgroups | Lists the groups the user administrates. (Parameter admgroups). |
| auditclasses | The user account's audit classes. (Parameter auditclasses). |
| auth1 | Additional mandatory methods for authenticating the user. (Parameter auth1). |
| auth2 | Additional optional methods for authenticating the user. (Parameter auth2). |
| core_compress | Enables or disables core file compression. (Parameter core_compress). |
| core_path | Enables or disables core file path specification. (Parameter core_path). If this attribute has a value of On, core files are placed in the given directory; otherwise, core files are placed in the user's current working directory. |
| core_naming | Naming conventions for the core file. If this option is set, the core file is stamped with a process ID, time, and date. (Parameter core_naming). |
| daemon | Specifies whether the user can run programs using the cron daemon or the src (system resource controller) daemon. (Parameter daemon). |
| dce_export | Specifies whether the DCE registry can overwrite the local user information with the DCE user information during a DCE export operation. (Parameter dce_export). |
| expires | Expiration date of the user account. (Parameter expires). |
| login | Specifies whether the user can log in to the system with the login command. (Parameter login). |
| logintimes | Times, days, or both, the user is allowed to access the system. (Parameter logintimes). |
| loginretries | Number of unsuccessful login attempts allowed after the last successful login before the system locks the account. (Parameter loginretries). A value of 0 or a negative value indicates no maximum age. |
| projects | List of projects that the user's processes can be assigned to. The value is a list of comma-delimited project names. (Parameter projects). |
| registry | Defines the authentication registry where the user is administered. (Parameter registry). |
| rlogin | Specifies whether access is permitted to the account from a remote location with the telnet or rlogin commands. (Parameter rlogin). |
| su | Specifies whether another user can switch to the specified user account with the su command. (Parameter su). |
| sugroups | Groups that can use the su command to switch to the specified user. (Parameter sugroups). |
| SYSTEM | System's authentication mechanism for the user. (Parameter SYSTEM). |
| tpath | The user's trusted path status. (Parameter tpath). |
| ttys | Lists the terminals that can access the user. (Parameter ttys). |
| umask | Determines file permissions. (Parameter umask). The default value is 022. |
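The following added example (not part of the One Identity Manager documentation) shows how the attributes in Tables 23 and 24 can be read back from a copy of /etc/security/user and checked per account, with values from the default stanza applied where a user stanza sets none. The sample file content, the function names, and the baseline thresholds are assumptions made for illustration.

```python
SAMPLE = """\
* constructed sample in /etc/security/user stanza format
default:
    minlen = 0
    maxage = 0
    loginretries = 0
    rlogin = true
root:
    minlen = 14
    loginretries = 5
    rlogin = false
appsvc:
    maxage = 13
"""

def parse_stanzas(text):
    # Returns {stanza: {attr: value}}; lines starting with '*' are comments.
    stanzas, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("*"):
            continue
        if line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def num(value):
    try:
        return int(value)
    except (TypeError, ValueError):
        return 0  # missing or malformed counts as unset

# Thresholds are assumptions for illustration, not values from the page.
BASELINE = [
    ("minlen", lambda v: num(v) >= 12, "minlen below 12"),
    ("maxage", lambda v: 0 < num(v) <= 13, "maxage unset or above 13 weeks"),
    ("loginretries", lambda v: 0 < num(v) <= 5, "loginretries unlimited or above 5"),
    ("rlogin", lambda v: v == "false", "rlogin permitted"),
]

def audit(text):
    """Map each user stanza to the baseline checks its effective values fail."""
    stanzas = parse_stanzas(text)
    defaults = stanzas.pop("default", {})
    report = {}
    for user, own in stanzas.items():
        attrs = {**defaults, **own}  # user stanza overrides the default stanza
        report[user] = [msg for attr, ok, msg in BASELINE if not ok(attrs.get(attr))]
    return report
```

Calling `audit(SAMPLE)` returns the failed checks per account; an empty list means the account meets the assumed baseline.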
Enter the following additional information for using the encrypted file system (EFS) for a user account in an AIX system. This data is mapped in /etc/security/user.
Table 25: User account main data of encrypted file systems
| Property | Description |
| --- | --- |
| efs_adminks_access | Defines the efs_admin keystore location. (Parameter efs_adminks_access). Permitted values: |
| efs_allowksmodechangebyuser | Specifies whether the user can change the mode or not. (Parameter efs_allowksmodechangebyuser). |
| efs_file_algo | Algorithm used to generate the file protection key. (Parameter efs_file_algo). Permitted values: AES_128_CBC, AES_192_CBC, AES_256_CBC |
| efs_initialks_mode | Initial mode of the user keystore. (Parameter efs_initialks_mode). Permitted values: |
| efs_keystore_access | User keystore location. (Parameter efs_keystore_access). Permitted values: |
| efs_keystore_algo | Algorithm used to generate the user private key when the keystore is created. (Parameter efs_keystore_algo). Permitted values: RSA_1024, RSA_2048, RSA_4096 |
Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager.
For more information about using extended properties, see the One Identity Manager Compliance Rules Administration Guide.
To specify extended properties for a user account
- In the Manager, select the Unix > User accounts category.
- Select the user account in the result list.
- Select Assign extended properties.
- In the Add assignments pane, assign extended properties.
TIP: In the Remove assignments pane, you can remove assigned extended properties.
To remove an assignment
- Save the changes.