Designing A Password Policy In A Replicated Environment; Designing An Account Lockout Policy - Netscape DIRECTORY SERVER 6.01 - DEPLOYMENT Deployment Manual

Designing a Password Policy in a Replicated Environment

Password and account lockout policies are enforced in a replicated environment as follows:

- Password policies are enforced on the data master.
- Account lockout is enforced on the replicas.

The password policy information in your directory, such as password age, the account lockout counter, and the expiration warning counter, is all replicated. However, the configuration information is kept locally and is not replicated. This information includes the password syntax and the history of password modifications.

When configuring a password policy in a replicated environment, consider the following points:

- All replicas issue warnings of an impending password expiration. This information is kept locally on each server, so if a user binds to several replicas in turn, the user receives the same warning several times. In addition, if the user changes the password, it may take time for this information to filter to the replicas. If a user changes a password and then immediately rebinds, the bind may fail until the replica registers the changes.
- You want the same bind behavior to occur on all servers, including masters and replicas. Make sure you create the same password policy configuration information on each server.
- Account lockout counters may not work as expected in a multi-master environment.
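
Because the policy configuration is kept locally and is not replicated, it can drift between servers. The following is an added example, not part of the manual, that compares per-server exports of the configuration entry against one reference server. It assumes the policy attributes are stored on cn=config under the names shown (passwordCheckSyntax, passwordInHistory, passwordLockout, passwordMaxFailure), which do not appear on this page, and the server names and LDIF are constructed sample data.

```python
# Added example: the LDIF below is constructed sample data, one cn=config
# export per server. Attribute names are assumed, not taken from the manual page.
SAMPLE_EXPORTS = {
    "master1": """dn: cn=config
passwordCheckSyntax: on
passwordInHistory: 6
passwordLockout: on
passwordMaxFailure: 3
""",
    "replica1": """dn: cn=config
passwordCheckSyntax: off
passwordInHistory: 6
passwordLockout: on
passwordMaxFailure: 5
""",
    "replica2": """dn: cn=config
passwordchecksyntax: on
passwordLockout: on
passwordMaxFailure: 3
""",
}

def parse_policy(ldif):
    """Return {lowercased attribute: value} for the password* lines of one entry."""
    policy = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        # LDAP attribute names are case-insensitive; skip comments and non-policy lines.
        if sep and name.lower().startswith("password"):
            policy[name.lower()] = value.strip()
    return policy

def find_drift(exports, reference):
    """Return {server: {attr: (reference value, server value)}} for every mismatch."""
    ref = parse_policy(exports[reference])
    drift = {}
    for server, ldif in exports.items():
        actual = parse_policy(ldif)
        # An attribute missing on one side shows up as None, which is also drift.
        diffs = {a: (ref.get(a), actual.get(a))
                 for a in sorted(set(ref) | set(actual))
                 if ref.get(a) != actual.get(a)}
        if diffs:
            drift[server] = diffs
    return drift

if __name__ == "__main__":
    for server, diffs in find_drift(SAMPLE_EXPORTS, "master1").items():
        for attr, (want, got) in diffs.items():
            print(f"{server}: {attr} = {got!r}, master1 has {want!r}")
```

With the sample data, replica1 differs in syntax checking and the failure limit, and replica2 has no history setting at all, so users would see different bind and password-change behavior depending on which server they reach.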

Designing an Account Lockout Policy

Once you have established a password policy for your directory, you can protect
your user passwords from potential threats by configuring an account lockout
policy.
The lockout policy works in conjunction with the password policy to provide
further security. The account lockout feature protects against hackers who try to
break into the directory by repeatedly trying to guess a user's password. You can
set up your password policy so that a specific user is locked out of the directory
after a given number of failed attempts to bind.

Chapter 7, Designing a Secure Directory: Designing a Password Policy (page 133)
