Password-Quality Checker - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

Password-Quality Checker

Except for the string , you can change any of the above
Internal LDAP Database
prompts by modifying the corresponding value in the configuration file and then
replacing (delete the old item and add the new item) the current entry in the
password cache with the new prompt and the password using the
PasswordCache
utility explained in the CMS Command-Line Tools Guide.
When various modules in the server, such as authentication and LDAP publishing,
initialize, they query the password cache for the password. The password cache
returns the password if it has it, or else it prompts the user for one. Note that this
prompting happens only at server startup time, which means whenever you
change any of the required passwords or provide new passwords, you must restart
the server from the command-line (see "Starting From the Command Line" on
page 318) so that the watchdog can prompt you for the new passwords in order to
update the cache.
Password-Quality Checker
Certificate Management System comes with a plugin, called password-quality
checker, to monitor the quality of passwords set within the CMS system. All
passwords used in Certificate Management System are checked by the
password-quality checker, which by default checks that the length of a password is
at least 8 characters long; there are no checks regarding which characters are valid
or invalid. If you use a password that doesn't meet the quality rules, you will get an
error message indicating that the password didn't meet the password-quality
rules.
Note that Certificate Management System enforces password quality on only those
passwords that it strictly creates and manages. Passwords you enter for LDAP
directory access are not subjected to quality checks. The reason for this is, the
password quality is handled by the system that creates and manages the password.
In an LDAP directory access, the remote directory that you authenticate to enforces
the password quality of the password you use because it is created and managed
by the directory.
To enable you to customize password quality, the plugin for the password-quality
checker is included in the CMS samples package; for example, you can change the
default rule to ensure that all CMS passwords are constructed with certain types of
characters such as numbers, symbols, capital letters, and so on. The samples
package is located here:
<server_root>/cms_sdk/cms_jdk/samples
Chapter 8 Starting and Stopping CMS Instances 327