Red Hat DIRECTORY SERVER 8.1 Command Reference Manual page 75

2.3.1.120. passwordInHistory (Number of Passwords to Remember)
Indicates the number of passwords the Directory Server stores in history. Passwords that are stored in
history cannot be reused by users. By default, the password history feature is disabled, meaning that
the Directory Server does not store any old passwords, and so users can reuse passwords. Enable
password history using the passwordHistory attribute.
To prevent users from rapidly cycling through the number of passwords that are tracked, use the
passwordMinAge attribute.
This can be abbreviated to pwdInHistory.
For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.
Parameter
Entry DN
Valid Range
Default Value
Syntax
Example
2.3.1.121. passwordIsGlobalPolicy (Password Policy and Replication)
This attribute controls whether password policy attributes are replicated.
Parameter
Entry DN
Valid Values
Default Value
Syntax
Example
2.3.1.122. passwordKeepHistory
This attribute sets whether a password history is maintained for users.
Parameter
Entry DN
Valid Values
Default Value
Syntax
Example
2.3.1.123. passwordLockout (Account Lockout)
Indicates whether users are locked out of the directory after a given number of failed bind attempts.
By default, users are not locked out of the directory after a series of failed bind attempts. If account
Description
cn=config
2 to 24 passwords
6
Integer
passwordInHistory: 7
Description
cn=config
on | off
off
DirectoryString
passwordIsGlobalPolicy: off
Description
cn=config
0 (no history) or 1 (keep history)
0
DirectoryString
passwordKeepHistory: 1
cn=config
61