Managing the Password Policy
Configuring the Account Lockout Policy
The lockout policy works in conjunction with the password policy to provide
further security. The account lockout feature protects against hackers who try to
break into the directory by repeatedly trying to guess a user's password. You can
set up your password policy so that a specific user is locked out of the directory
after a given number of failed attempts to bind.
Configuring the account lockout policy is described in the following sections:
• Configuring the Account Lockout Policy Using the Console
• Configuring the Account Lockout Policy Using the Command-Line
Configuring the Account Lockout Policy Using the Console
To set up or modify the account lockout policy for your Directory Server:
1. In the Directory Server Console, select the Configuration tab and then the Data node.
2. In the right pane, select the Account Lockout tab.
3. To enable account lockout, select the "Accounts may be locked out" checkbox.
4. Enter the maximum number of allowed bind failures in the "Lockout account after X login failures" text box. The server locks out users who exceed the limit you specify here.
5. Enter the number of minutes you want the server to wait before resetting the bind failure counter to 0 in the "Reset failure counter after X minutes" text box.
6. Set the interval you want users to be locked out of the directory.
   • Select the Lockout Forever radio button to lock users out until their passwords have been reset by the administrator.
   • Set a specific lockout period by selecting the Lockout Duration radio button and entering the time (in minutes) in the text box.
7. When you have finished making changes to the account lockout policy, click Save.
Configuring the Account Lockout Policy Using the Command-Line
This section describes the attributes you set to create an account lockout policy to
protect the passwords stored in your server. Use ldapmodify to change these
attributes in the cn=config entry.
Red Hat Directory Server Administrator's Guide • May 2005
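The console settings described above correspond to password-policy attributes on cn=config. The following shell function is an added example, not taken from the guide: it builds the LDIF to pipe into ldapmodify. The attribute names and their units (seconds) are assumed from the Directory Server schema, because the attribute list is not reproduced on this page, and lockout_ldif is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: emit LDIF mirroring the console's Account Lockout tab.
# Assumption: the cn=config attribute names below come from the Directory
# Server password-policy schema; they are not listed on this page.
#
# Usage: lockout_ldif MAX_FAILURES RESET_MINUTES DURATION
#   DURATION is a number of minutes, or the word "forever".
# Pipe the output to ldapmodify with the bind options of your deployment.
lockout_ldif() {
    max_failures=$1
    reset_min=$2
    duration=$3

    # Validate everything before printing, so a bad value never yields
    # a partial LDIF. Leading zeros are rejected (shell would read octal).
    for n in "$max_failures" "$reset_min"; do
        case $n in
            ''|*[!0-9]*|0*) echo "invalid number: '$n'" >&2; return 1 ;;
        esac
    done
    if [ "$duration" != forever ]; then
        case $duration in
            ''|*[!0-9]*|0*) echo "invalid duration: '$duration'" >&2; return 1 ;;
        esac
    fi

    printf 'dn: cn=config\nchangetype: modify\n'
    printf 'replace: passwordLockout\npasswordLockout: on\n-\n'
    printf 'replace: passwordMaxFailure\npasswordMaxFailure: %s\n-\n' "$max_failures"
    # The console takes minutes; the attributes are expressed in seconds.
    printf 'replace: passwordResetFailureCount\n'
    printf 'passwordResetFailureCount: %s\n-\n' "$((reset_min * 60))"

    if [ "$duration" = forever ]; then
        # "Lockout Forever": locked until an administrator resets the password.
        printf 'replace: passwordUnlock\npasswordUnlock: off\n'
    else
        # "Lockout Duration": the account unlocks itself after the period.
        printf 'replace: passwordUnlock\npasswordUnlock: on\n-\n'
        printf 'replace: passwordLockoutDuration\n'
        printf 'passwordLockoutDuration: %s\n' "$((duration * 60))"
    fi
}
```

For example, `lockout_ldif 3 10 60` corresponds to locking an account for 60 minutes after 3 failed binds, with the failure counter reset after 10 minutes.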