Passwordlockoutduration (Lockout Duration); Passwordmaxage (Password Maximum Age); Passwordmaxfailure (Maximum Password Failures) - Netscape DIRECTORY SERVER 7.0 Configuration Manual

Core Server Configuration Attributes Reference

passwordLockoutDuration (Lockout Duration)

Indicates the amount of time in seconds during which users will be locked out of
the directory after an account lockout. The account lockout feature protects
against hackers who try to break into the directory by repeatedly trying to guess a
user's password. You enable and disable the account lockout feature using the
passwordLockout
For more information on password policies, see chapter 7, "User Account
Management," in the Netscape Directory Server Administrator's Guide.
Entry DN:
Valid Range:
Default Value:
Syntax:
Example:

passwordMaxAge (Password Maximum Age)

Indicates the number of seconds after which user passwords will expire. To use
this attribute, you must enable password expiration using the
attribute.
For more information on password policies, see chapter 7, "User Account
Management," in the Netscape Directory Server Administrator's Guide.
Entry DN:
Valid Range:
Default Value:
Syntax:
Example:

passwordMaxFailure (Maximum Password Failures)

Indicates the number of failed bind attempts after which a user will be locked out
of the directory. By default, account lockout is disabled. You can enable account
lockout by modifying the
88 Netscape Directory Server Configuration, Command, and File Reference • October 2004
attribute.
cn=config
1 to the maximum 32 bit integer value (2147483647) in seconds
3600
Integer
passwordLockoutDuration: 3600
cn=config
1 to the maximum 32 bit integer value (2147483647) in seconds
8640000 (100 days)
Integer
passwordMaxAge: 100
passwordLockout
passwordExp
attribute.