Red Hat DIRECTORY SERVER 8.0 Command Reference Manual page 71

Hide thumbs Also See for DIRECTORY SERVER 8.0:

Installation manual (128 pages)

Administration manual (552 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

page of 278

/ 278
Contents
Table of Contents
Bookmarks

Table of Contents

For more information on password policies, see the "Managing Users and Passwords" chapter in the

Directory Server Administrator's Guide.

Parameter

Entry DN

Valid Values

Default Value

Syntax

Example

2.3.1.122. passwordResetFailureCount (Reset Password Failure Count

After)

Indicates the amount of time in seconds after which the password failure counter resets. Each time

an invalid password is sent from the user's account, the password failure counter is incremented. If

the passwordLockout attribute is set to on, users are locked out of the directory when the counter

reaches the number of failures specified by the passwordMaxFailure attribute (within 600 seconds

by default). After the amount of time specified by the passwordLockoutDuration attribute, the

failure counter is reset to zero (0).

For more information on password policies, see the "Managing Users and Passwords" chapter in the

Directory Server Administrator's Guide.

Parameter

Entry DN

Valid Range

Default Value

Syntax

Example

2.3.1.123. passwordStorageScheme (Password Storage Scheme)

This attribute sets the type of encryption used to store Directory Server passwords.

The following encryption types are supported by the Directory Server:

• CLEAR means the password is stored in cleartext, with no hashing or encryption. This scheme must

be used in order to use SASL DIGEST-MD5.

• SSHA (Salted Secure Hash Algorithm), the default, is the recommended method because it is the

most secure. There are several bit sizes available: 140 bits (the default), 256, 384, and 512.

• SHA (Secure Hash Algorithm) is included only for backward compatibility with 4.x Directory Servers;

do not use this algorithm.

• MD5 (Message Digest algorithm 5) is a commonly used standard hashing algorithm.

• CRYPT, the UNIX crypt algorithm, is provided for compatibility with UNIX passwords.

Description

cn=config

on | off

off

DirectoryString

passwordMustChange: off

Description

cn=config

1 to the maximum 32 bit integer value

(2147483647) in seconds

600

Integer

passwordResetFailureCount: 600

cn=config

Table of Contents

Chapters

Table of Contents

Red Hat DIRECTORY SERVER 8.0 Command Reference Manual page 71

Chapters

Related Manuals for Red Hat DIRECTORY SERVER 8.0

Related Products for Red Hat DIRECTORY SERVER 8.0

Table of Contents