tiger 1:3.2.3-10 / usr / lib / tiger / doc / passwd.txt

%pass001w
The listed username occurs more than once in the same file.  This
indicates a configuration problem and should be corrected.
%pass002w
The listed userid (uid) occurs more than once in the same file.  This
usually indicates a configuration problem and should be corrected.  On
many systems, uid 0 (zero) and uid 1 (one) are often used for multiple
usernames.  It is usually to completely disable all of the usernames
except for `root' for uid zero and all of the usernames for uid one.
%pass003w
The listed entry does not have the correct number of fields.  This
indicates a configuration problem that should be corrected.
%pass004w
The listed username occurs in separate password sources, but the userid
(uid) is different in them.  This can lead to unexpected access to
resources if not corrected.
%pass005w
The listed userid (uid) occurs in separate password sources, but the
usernames are different.  This can lead to unexpected access to resources
if not corrected.
%pass006w
The password files have integrity issues as found by 'pwck -r'.  This
can lead to looping of password manipulation programs and to authentication
or login issues if not corrected.
%pass007w
Some password controls or constraints are missing.  These should be be
applied to all users via their /etc/login.defs configuration values.
%pass008e
The password file was not generated and cannot be analysed. This might
probably happen due to Tiger not running with full administrative access.
%pass009f
The format of a given configuration file used for user (or group) 
authentication has some inconsistency that might be a security vulnerability.
%pass010w
The listed groupname occurs more than once in the same file.  This
indicates a configuration problem and should be corrected.
%pass011f
The listed username has an empty password string.  This will allow any user
to gain access to the account without being prompted for a password.
%pass012w
The listed home directory is specified for multiple users. This can lead to
denial-of-service and unexpected resource usage (i.e. shell initialization
files, etc) if not corrected.
%pass013w
The listed username is not using an acceptable, cryptographic method for the
password hash. 
%pass014w
The listed login ID is disabled in some manner ('*' in passwd field, etc),
but the login shell for the login ID is a valid shell (from /etc/shells
or the system equivalent).  A valid shell can potentially enable the
login ID to continue to be used.  The login shell should be changed
to something that doesn't exist, or to something like /bin/false.
%pass015w
The listed login ID does not have a valid login program or shell.
Usually these are defined in /etc/shells.
%pass016w
The listed login ID should not have "/" (system root directory)
as its home drive. This is a possible security hole.
%pass017w
The listed login ID has a user ID of zero (0) and is not the 'root'
account.  This should be checked to see if it is legitimate.  In any
case, having login ID's with a user ID of zero tends to lead to security
problems, and should be avoided (except for 'root')
%pass018f
The listed administrative login should have an impossible password.
Files owned by this login ID may reside in critical system directories
and compromise of this account could lead to trojan executables in
typical search paths.
%pass19w
The listed login ID does not have password aging enabled.  Good
password management practices indicate that passwords should not
be static, but rather should be changed on a regular basis.
%pass20w
The listed login ID is not configured to use shadow passwords.  This
indicates the specified login ID has its cypher text publicly available
and is subject to brute force password cracking, even though shadow
passwords are implimented on the system.