Designing a Password Policy
Password Expiration
You can set your password policy so that users can use the same passwords
indefinitely. Or, you can set your policy so that passwords expire after a given
time. In general, the longer a password is in use, the more likely it is to be
discovered. On the other hand, if passwords expire too often, users may have
trouble remembering them and resort to writing their passwords down. A
common policy is to have passwords expire every 30 to 90 days.
The server remembers the password expiration setting even if you turn the
password expiration feature off. If you turn the password expiration option
back on, passwords are valid only for the duration you set before you last disabled
the feature. For example, suppose you set passwords to expire every 90 days
and then disable password expiration. When you re-enable password
expiration, the default password expiration duration is 90 days because
that is the value that was set before you disabled the feature.
By default, user passwords never expire.
Expiration Warning
If you choose to set your password policy so that user passwords expire after a
given number of days, it is a good idea to send users a warning before their
passwords expire. You can set your policy so that users are sent a warning 1 to
24,855 days before their passwords expire. The Directory Server displays the
warning when the user binds to the server. If password expiration is turned on,
by default, a warning is sent (via LDAP message) to the user one day before the
user's password expires, provided the user's client application supports this
feature.
Grace Login Limit
If you want to allow some users to log in using their expired passwords, you
should specify the number of grace login attempts that are allowed to a user
after the password has expired.
By default, grace logins are not permitted.
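The following added example (not from the manual and not Directory Server code) models how the three settings above interact when a user binds with a correct password, using the defaults stated in this section. The names Policy, bind_outcome and audit are hypothetical, the accounts are constructed sample data, and the model assumes that expiration is measured from the last password change.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Policy:
    max_age_days: Optional[int] = None  # None: passwords never expire (default)
    warning_days: int = 1               # default: warn one day before expiration
    grace_limit: int = 0                # default: grace logins are not permitted

    def __post_init__(self):
        # The warning period must fall in the documented range.
        if not 1 <= self.warning_days <= 24855:
            raise ValueError("warning period must be 1 to 24,855 days")

def bind_outcome(policy, pwd_changed, grace_used, now):
    """Return (allowed, status, detail) for a bind with the correct password.

    detail is the days left (status 'warning') or the grace logins left
    after this bind (status 'grace'); assumption: age counts from pwd_changed.
    """
    if policy.max_age_days is None:
        return (True, "ok", None)
    expires = pwd_changed + timedelta(days=policy.max_age_days)
    if now >= expires:
        remaining = policy.grace_limit - grace_used
        if remaining > 0:
            return (True, "grace", remaining - 1)
        return (False, "expired", 0)
    if now >= expires - timedelta(days=policy.warning_days):
        return (True, "warning", (expires - now).days)
    return (True, "ok", None)

# Constructed sample data: DN -> (last password change, grace logins used).
NOW = datetime(2024, 6, 1)
POLICY = Policy(max_age_days=90, warning_days=7, grace_limit=2)
ACCOUNTS = {
    "uid=alice": (NOW - timedelta(days=30), 0),
    "uid=bob": (NOW - timedelta(days=85), 0),
    "uid=carol": (NOW - timedelta(days=95), 1),
    "uid=dave": (NOW - timedelta(days=95), 2),
}

def audit(policy=POLICY, accounts=ACCOUNTS, now=NOW):
    """Evaluate every account against the policy as of 'now'."""
    return {dn: bind_outcome(policy, changed, used, now)
            for dn, (changed, used) in accounts.items()}

if __name__ == "__main__":
    for dn, result in audit().items():
        print(dn, result)
```

Running the same accounts through Policy() with no arguments shows the default behavior: every bind is allowed because passwords never expire.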
Chapter 7
Designing a Secure Directory