Designing a Password Policy
Password Minimum Age
You can configure the Directory Server to not allow users to change their
passwords for a time you specify. You can use this feature in conjunction with the
passwordHistory attribute to discourage users from reusing old passwords.
Setting the password minimum age (passwordMinAge) attribute to 2 days, for
example, prevents a user from repeatedly changing her password during a single
session to cycle through the password history and reuse an old password once it is
removed from the history list. You can specify any number from 0 to 24,855 days. A
value of zero (0) indicates that the user can change the password immediately.

Password History
You can set up the Directory Server to store from 2 to 24 passwords in history, or
you can disable password history, thus allowing users to reuse passwords.
If you set up your password policy to enable password history, the directory stores
a specific number of old passwords. If a user attempts to reuse one of the
passwords the Directory Server has stored, the directory rejects the password. This
feature prevents users from reusing a couple of passwords that are easy to
remember.
The passwords remain in history even if you turn the history feature off. This
means that if you turn the password history option back on, users cannot reuse the
passwords that were in the history before you disabled password history.
The server does not maintain a password history by default.

Password Storage Scheme
The password storage scheme specifies the type of encryption used to store
Directory Server passwords within the directory. You can specify:
• Clear text (no encryption)
• Secure Hash Algorithm (SHA)
• Salted Secure Hash Algorithm (SSHA). This encryption method is the default.
• UNIX crypt algorithm
Although passwords stored in the directory can be protected through the use of
access control information (ACI) instructions, it is still not a good idea to store
cleartext passwords in the directory. The crypt algorithm provides compatibility
with UNIX passwords. SSHA is the most secure of the choices.

Netscape Directory Server Deployment Guide • May 2002
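The interaction between the minimum age and the history list described in the Password Minimum Age and Password History sections can be checked with a small model of the policy. This is an added example, not code from the Directory Server or from this guide; the class and function names, the history size of 6, and the rule that the current password counts as being in history are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

class PolicyViolation(Exception):
    """A password change the modelled policy refuses."""

@dataclass
class Account:
    password: str
    changed_at: datetime
    history: list = field(default_factory=list)   # oldest first

@dataclass
class Policy:
    min_age_days: int = 0          # 0: change allowed immediately
    history_enabled: bool = False  # the server keeps no history by default
    history_size: int = 6          # the guide allows 2 to 24

    def change(self, acct, new_pw, now):
        if now - acct.changed_at < timedelta(days=self.min_age_days):
            raise PolicyViolation("password is younger than the minimum age")
        if self.history_enabled:
            # Assumption: the current password counts as "in history".
            if new_pw == acct.password or new_pw in acct.history:
                raise PolicyViolation("password is in the history list")
            acct.history = (acct.history + [acct.password])[-self.history_size:]
        # Disabling history never clears acct.history (as the guide states).
        acct.password, acct.changed_at = new_pw, now

def days_until_reuse(policy, start=datetime(2002, 5, 1)):
    """Days before a user who changes as often as allowed gets the
    original password accepted again."""
    acct, now, n = Account("original", start), start, 0
    while True:
        now += timedelta(days=policy.min_age_days)
        try:
            policy.change(acct, "original", now)
            return (now - start).days
        except PolicyViolation:
            n += 1
            policy.change(acct, f"interim-{n}", now)

if __name__ == "__main__":
    for age in (0, 2):
        p = Policy(min_age_days=age, history_enabled=True, history_size=6)
        print(f"passwordMinAge={age} days -> reuse after {days_until_reuse(p)} days")
```

With a minimum age of 0 the history list is exhausted on the same day, so the history setting alone does not delay reuse; the delay scales with the minimum age multiplied by the history size.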