AIX7-00-001131 - AIX must implement a way to force an identified temporary user to renew their password at next login.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Without providing this capability, an account may be created without a password. Non-repudiation cannot be guaranteed once an account is created if a user is not forced to change the temporary password upon initial login.

Temporary passwords are typically used to allow access when new accounts are created or passwords are changed. It is common practice for administrators to create temporary passwords for user accounts which allow the users to log on, yet force them to change the password once they have successfully authenticated.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Use the following command to force a temporary user (<tmp_user>) to change password at next login:
# chsec -f /etc/security/passwd -s <tmp_user> -a 'flags=ADMCHG'

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_AIX_7-x_V2R5_STIG.zip

Item Details

References: CAT|II, CCI|CCI-002041, Rule-ID|SV-215228r508663_rule, STIG-ID|AIX7-00-001131, STIG-Legacy|SV-101643, STIG-Legacy|V-91545, Vuln-ID|V-215228

Plugin: Unix

Control ID: d3d94bc68b7bab2fa3f93e19875d66282db13efbe9da6859e9350a20cf03348f