NOTE: Without the pwd_algorithm entry in /etc/security/login, the default value is \"crypt\" which is the legacy crypt() function.
Once the system password algorithm has been changed it will be used the next time a user changes his/her password. Until then they will continue to use their original password and hashing algorithm.
Example Application
Applying one of the new passwd hashing algorithms
To select a different LPA, the system administrator can either use the chsec command or manually edit the /etc/security/login.cfg file.
Using the chsec command
Use the following chsec command to set \"smd5\" LPA as the system wide
password encryption module:
# chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm=smd5
When using the chsec command to modify the pwd_algorithm attribute, the command checks the /etc/security/pwdalg.cfg to verify the chosen LPA. The command fails if the check is failed.
Using an editor
When administrator manually changes the pwd_algorithm attribute value in
/etc/security/login.cfg using an editor, please make sure that the chosen value is a name of a stanza that is defined in /etc/security/pwdalg.cfg file.
New Password Attributes
New values for attributes related to passwd length have also been changed. The
following attributes in the /etc/security/user configuration file are effected:
maxrepeats - Defines the maximum number of times a given character can appear in a password.
PREV range 0 - 8, Default is 8,
NEW range 0 - PW_PASSLEN, Default is PW_PASSLEN
minalpha - Defines the minimum number of alphabetic characters in a password.
PREV range 0 - 8, Default is 8
NEW range 0 - PW_PASSLEN, Default is 0
minlen - Defines the minimum length of a password.
PREV range 0 - 8. Default is 8
NEW range 0 - PW_PASSLEN. Default is 0.
minother - Defines the minimum number of non-alphabetic characters in a password.
PREV range 0 - 8. Default is 8
NEW range 0 - PW_PASSLEN. Default is 0
mindiff - Defines the minimum number of characters in the new password that were not in
the old password.
PREV range 0 - 8. Default is 8
NEW range 0 - PW_PASSLEN. Default is 0