Passwordresetfailurecount (Reset Password Failure Count After); Passwordstoragescheme (Password Storage Scheme) - Netscape DIRECTORY SERVER 6.0 Configuration Manual

passwordResetFailureCount (Reset Password Failure Count After)

Indicates the amount of time in seconds after which the password failure counter
will be reset. Each time an invalid password is sent from the user's account, the
password failure counter is incremented. If the
to on, users will be locked out of the directory when the counter reaches the
number of failures specified by the
seconds by default). After the amount of time specified by the
passwordLockoutDuration
For more information on password policies see Chapter 7, "User Account
Management" in the Netscape Directory Server Administrator's Guide.
Entry DN
cn=config
Valid Range 1 to the maximum 32 bit integer value (2147483647) in seconds
Default Value
600
Integer
Syntax
Example
passwordResetFailureCount: 600

passwordStorageScheme (Password Storage Scheme)

Specifies the type of encryption used to store Directory Server passwords. Enter the
password in for this attribute indicates that the password will appear in
CLEAR
plain text.
The following encryption types are supported by the Directory Server 6.0:
• SSHA (Salted Secure Hash Algorithm) is the recommended method as it is the
most secure.
• SHA (Secure Hash Algorithm). This is the method supported by 4.x Directory
Servers.
• CRYPT is the UNIX crypt algorithm. It is provided for compatibility with
UNIX passwords.
NOTE You can no longer choose to encrypt passwords using the
NS-MTA-MD5 password storage scheme. The storage scheme is
still present but only for reasons of backward compatibility.
passwordLockout
passwordMaxFailure
attribute, the failure counter is reset to zero (0).
Chapter 2
Core Server Configuration Attributes Reference
attribute is set
attribute (within 600
Core Server Configuration Reference 77