Designing A Password Policy - Netscape DIRECTORY SERVER 6.1 - DEPLOYMENT Deployment Manual

Account inactivation is implemented through the operational attribute
nsAccountLock
of
true
You use the same procedures for inactivating users and roles. However,
inactivating a role means that you inactivate all of the members of that role and not
the role entry itself. For more information about roles, refer to "About Roles," on
page 71.

Designing a Password Policy

A password policy is a set of rules that govern how passwords are used in a given
system. The password policy mechanism provided by Directory Server allows you
to dictate such things as how short a password must be and whether users can
reuse passwords. When users attempt to bind to the directory, the directory
compares the password with the value in the password attribute of the user's
directory entry to make sure they match. Directory Server also uses the rules
defined by the password policy to ensure that the password is valid before
allowing the user to bind to the directory.
Figure 7-1 illustrates how password-policy checks are enforced when a BIND
request is processed.
. When an entry contains the
, the server rejects the bind.
Designing a Password Policy
attribute with a value
nsAccountLock
Chapter 7 Designing a Secure Directory 139