A Forum reader recently asked:

“We’re implementing the Unix driver to Solaris10 with IDM 3.5. Everything works great except the length of the password set in Solaris. The Solaris system has been modified to allow greater than 8-character passwords by modifying the /etc/security/policy.conf file to use MD5 encryption instead of the native Unix. Passwords can be changed to greater than 8 characters with the usual passwd command, but the driver script uses the nxpwdpa command, which apparently doesn’t use the password configuration file to allow the greater length. Despite much searching, we can’t find any information on how we can force the driver to use the same encryption, thus allowing longer passwords. There’s reference in the to using nxutil for the MD5/Cypt generator, or is this unrelated to this issue? Is there a way for IDM to use the defined encryption so that longer passwords can be used?”

And here’s the response from Jeremy Grieshop …


For NIS, the nxpwdpa updates the password on the local passwd/shadow map. If you specify the “-m” flag for this call, it should use md5 style passwords. In globals, set DASHMD5=-m and the call to nxpwdpa will use the flag:

# finally, update the password

The crypt configuration is in /etc/security/policy.conf. The should look here and set DASHMD5 based on its content.

Without NIS, it works the same way, with the -m parameter. You can put the “-m” in the script itself. By placing it in, it updates both the and, where SETPASSWORD is called. The just provides a single place where properties that may be shared by multiple scripts. That way, minimal search and replace is done, and the scripts are easier to maintain.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

No Comments
May 23, 2007
3:37 am
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Sentinel Supported Troubleshooting Workflow