Table of Contents
Advertisement
Managing the Password Policy
If you want users to change their passwords periodically, select the
8.
"Password expires after X days" radio button, and then enter the number of
days that a user password is valid.
The maximum value for the password age is derived by subtracting January
18, 2038, from today's date. The value you enter must not be set to the
maximum value or too close to the maximum value. If you set the value to the
maximum value, Directory Server may fail to start because the number of
seconds will go past the epoch date. In such an event, the error log will
indicate that the password maximum age is invalid. To resolve this problem,
you must correct the
A common policy is to have passwords expire every 30 to 90 days. By default,
the password maximum age is set to
If you have selected the "Password expire after X days" radio button, you
9.
need to specify how long before the password expires to send a warning to
the user. In the "Send Warning X Days Before Password Expires" text enter
the number of days before password expiration to send a warning.
If you want the server to check the syntax of a user password to make sure it
10.
meets the minimum requirements set by the password policy, select the
"Check Password Syntax" checkbox. Then, specify the minimum acceptable
password length in the "Password Minimum Length" text box.
From the "Password Encryption" pull-down menu, select the encryption
11.
method you want the server to use when storing passwords.
For detailed information about the encryption methods, refer to the
passwordStorageScheme
The Password Encryption menu might contain other encryption methods, as
the directory dynamically creates the menu depending upon the existing
encryption methods it finds in your directory.
When you have finished making changes to the password policy, click Save.
12.
Configuring a Subtree/User Password Policy Using the Console
To set up the password policy for a subtree or user, you need to add the required
entries and attributes at the subtree or user level, set the appropriate values to the
password policy attributes, and enable fine-grained password policy checking.
Enable fine-grained password policy.
1.
a.
b.
282
Red Hat Directory Server Administrator's Guide • May 2005
passwordMaxAge
In the Directory Server Console, select the Configuration tab.
In the navigation tree, select the Data node.
attribute value in the
seconds (100 days).
8640000
attribute in Table 7-1, on page 283.
file.
dse.ldif
Advertisement
Table of Contents
Troubleshooting
