Password Policy Attributes; Password Change After Reset - Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT Deployment Manual

Hide thumbs Also See for DIRECTORY SERVER 8.1 - DEPLOYMENT:

Command reference manual (372 pages)

Configuration and command reference (292 pages)

Reference (228 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

page of 164

/ 164
Contents
Table of Contents
Bookmarks

Table of Contents

• The password minimum length policy is activated. If the new value of userPassword is less than

the required minimum length, the server returns a constraintViolation error. The password update

operation fails.

• The password syntax checking policy is activated. If the new value of userPassword is the same

as another attribute of the entry, the server returns a constraintViolation error. The password update

operation fails.

8.6.2. Password Policy Attributes

The following sections describe the attributes to create a password policy for the server:

Section 8.6.2.1, "Password Change after Reset"

•

Section 8.6.2.2, "User-Defined Passwords"

•

Section 8.6.2.3, "Password Expiration"

•

Section 8.6.2.4, "Expiration Warning"

•

Section 8.6.2.5, "Grace Login Limit"

•

Section 8.6.2.6, "Password Syntax Checking"

•

Section 8.6.2.7, "Password Length"

•

Section 8.6.2.8, "Password Minimum Age"

•

Section 8.6.2.9, "Password History"

•

Section 8.6.2.10, "Password Storage Schemes"

•

Refer to the Red Hat Directory Server Administrator's Guide for instructions on how to set these

attributes.

8.6.2.1. Password Change after Reset

The Directory Server password policy can specify whether users must change their passwords after

the first login or after the password has been reset by the administrator.

The default passwords set by the administrator typically follow a company convention, such as the

user's initials, user ID, or the company name. If this convention is discovered, it is usually the first

value that a cracker uses in an attempt to break into the system. It is therefore recommended that

users be required to change their password after it has been reset by an administrator. If this option is

configured for the password policy, users are required to change their password even if user-defined

passwords are disabled.

If users are not required or allowed change their own passwords, administrator-assigned passwords

should not follow any obvious convention and should be difficult to discover.

The default configuration does not require that users change their password after it has been reset.

Section 8.6.2.2, "User-Defined Passwords"

Refer to

for more information.

Password Policy Attributes

121

Table of Contents

Need help?

Do you have a question about the DIRECTORY SERVER 8.1 - DEPLOYMENT and is the answer not in the manual?

Password Policy Attributes; Password Change After Reset - Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT Deployment Manual

8.6.2. Password Policy Attributes

8.6.2.1. Password Change after Reset

Need help?

Questions and answers

Related Manuals for Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT

Related Content for Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT

Table of Contents