Table of Contents
Advertisement
Managing the Password Policy
Managing the Password Policy in a Replicated
Environment
Password and account lockout policies are enforced in a replicated environment
as follows:
•
Password policies are enforced on the data master.
•
Account lockout is enforced on all servers participating in replication.
Some of the password policy information in your directory is replicated. The
replicated attributes are:
•
passwordMinAge
•
passwordExp
•
passwordWarning
However, the configuration information is kept locally and is not replicated. This
information includes the password syntax and the history of password
modifications. Account lockout counters and tiers are not replicated, either.
When configuring a password policy in a replicated environment, consider the
following points:
•
Warnings from the server of an impending password expiration will be
issued by all replicas. This information is kept locally on each server, so if a
user binds to several replicas in turn, they will be issued the same warning
several times. In addition, if the user changes the password, it may take time
for this information to filter to the replicas. If a user changes a password and
then immediately rebinds, he may find that the bind fails until the replica
registers the changes.
•
You want the same bind behavior to occur on all servers, including suppliers
and replicas. Make sure to create the same password policy configuration
information on each server.
•
Account lockout counters many not work as expected in a multi-mastered
environment.
•
Entries that are created for replication (for example, the server identities)
need to have passwords that never expire. To make sure that these special
users have passwords that do not expire, add the
attribute to the entry, and give it a value of
valid range).
294
Red Hat Directory Server Administrator's Guide • May 2005
and
passwordMaxAge
passwordExpirationTime
(the top of the
20380119031407Z
Advertisement
Table of Contents
Troubleshooting
Subscribe to Our Youtube Channel
Related Manuals for Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR
Related Products for Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR
- Red Hat DIRECTORY SERVER 8.1 - 11-01-2010
- Red Hat DIRECTORY SERVER 8.1 - USING RED HAT CONSOLE 4-28-2008
- Red Hat DIRECTORY SERVER 8.1 - USING THE ADMIN SERVER
- Red Hat Linux Virtual Server
- Red Hat LINUX VIRTUAL SERVER - FOR ENTERPRISE LINUX 5.2 REV 05-2008
- Red Hat LINUX VIRTUAL SERVER 4.5 - ADMINISTRATION
- Red Hat LINUX VIRTUAL SERVER 4.6 - ADMINISTRATION
- Red Hat LINUX VIRTUAL SERVER 4.7 - ADMINISTRATION
Need help?
Do you have a question about the DIRECTORY SERVER 7.1 - ADMINISTRATOR and is the answer not in the manual?
Questions and answers