When configuring a password policy in a replicated environment, consider the
following points:
• All replicas issue warnings of an impending password expiration. This
  information is kept locally on each server, so if a user binds to several
  replicas in turn, the user receives the same warning several times. In
  addition, if the user changes the password, it may take time for this
  information to filter to the replicas. If a user changes a password and then
  immediately rebinds, the bind may fail until the replica registers the
  changes.
• You want the same bind behavior to occur on all servers, including masters
  and replicas. Make sure you create the same password policy configuration
  information on each server.
• Account lockout counters may not work as expected in a multi-master
  environment.
Designing an Account Lockout Policy
Once you have established a password policy for your directory, you can protect
your user passwords from potential threats by configuring an account lockout
policy.
The lockout policy works in conjunction with the password policy to provide
further security. The account lockout feature protects against hackers who try to
break into the directory by repeatedly trying to guess a user's password. You can
set up your password policy so that a specific user is locked out of the directory
after a given number of failed attempts to bind.
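The multi-master caveat above, as an added example that is not from the Netscape guide: a small Python model of failed binds spread round-robin across servers. It assumes each server keeps its own failed-bind counter and lock state for a user (the guide states local storage only for expiration warnings); all class and function names are hypothetical.

```python
from itertools import cycle


class Replica:
    """One directory server with its own, unreplicated lockout state (assumption)."""

    def __init__(self, max_failures):
        self.max_failures = max_failures
        self.failures = {}   # user -> failed binds seen by this server only
        self.locked = set()  # users locked out on this server only

    def bind(self, user, password_ok):
        if user in self.locked:
            return "locked"
        if password_ok:
            self.failures[user] = 0  # a successful bind resets the local counter
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.locked.add(user)
            return "locked"
        return "failed"


def failed_binds_until_lockout(n_servers, max_failures, user="uid=jdoe"):
    """Send failed binds round-robin, as a load balancer would.

    Returns (attempt at which the first server locks the account,
             attempt at which every server has locked it).
    """
    servers = [Replica(max_failures) for _ in range(n_servers)]
    first_lock = None
    for attempt, server in enumerate(cycle(servers), start=1):
        result = server.bind(user, password_ok=False)
        if result == "locked" and first_lock is None:
            first_lock = attempt
        if all(user in s.locked for s in servers):
            return first_lock, attempt


if __name__ == "__main__":
    # Constructed scenario: lockout configured after 3 failed binds.
    for n in (1, 3):
        first, everywhere = failed_binds_until_lockout(n, max_failures=3)
        print(f"{n} server(s): first lock at bind {first}, "
              f"locked on all servers at bind {everywhere}")
```

With one server the configured limit of 3 holds; with three servers the first lock arrives only at the seventh failed bind, and the account stays usable on the other servers until the ninth. When sizing the lockout threshold, account for the number of servers that accept binds.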
Designing Access Control
Once you decide on one or more authentication schemes to establish the identity of
directory clients, you need to decide how to use the schemes to protect information
contained in your directory. Access control allows you to specify that certain
clients have access to particular information, while other clients do not.
You specify access control using one or more access control lists (ACLs). Your
directory's ACLs consist of a series of one or more access control information (ACI)
statements that either allow or deny permissions (such as read, write, search, and
compare) to specified entries and their attributes.
Netscape Directory Server Deployment Guide • December 2003