Password-Quality Checker - Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual

Password-Quality Checker

Note that in the above example:
• The string
internaldb.ldapauth.bindPWPrompt
file; it provides a descriptive usage for the password Certificate Management
System uses to bind to the internal database.
• The string
Netscape Software Cryptographic Service provider; you cannot change it. You
can only change the corresponding password.
Other entries may appear in the password cache. For example, if you set up
PIN-based authentication with the remove PIN option, you will see an entry for the
password Certificate Management System uses to bind to the authentication
directory to remove a PIN after a user successfully authenticates; for details, see
UidPwdPinDirAuth
LDAP publishing with basic authentication, you will also see an entry for the
password Certificate Management System will use to bind to the publishing
directory; for details, see "Step 5. Identify the Publishing Directory" on page 636.
Except for the string
prompts by modifying the corresponding value in the configuration file and then
replacing (delete the old item and add the new item) the current entry in the
password cache with the new prompt and the password using the
utility explained in the CMS Command-Line Tools Guide.
When various modules in the server, such as authentication and LDAP publishing,
initialize, they query the password cache for the password. The password cache
returns the password if it has it, or else it prompts the user for one. Note that this
prompting happens only at server startup time, which means whenever you
change any of the required passwords or provide new passwords, you must restart
the server from the command-line (see "Starting From the Command Line" on
page 309) so that Certificate Management System can prompt you for the new
passwords in order to update the cache.
Password-Quality Checker
Certificate Management System comes with a plug-in, called password-quality
checker, to monitor the quality of passwords set within the CMS system. All
passwords used in Certificate Management System are checked by the
password-quality checker, which by default checks that the length of a password is
316 Netscape Certificate Management System Installation and Setup Guide • March 2002
Internal LDAP Database
Internal Key Storage Token
plug-in module in CMS Plug-Ins Guide. Similarly, if you enable
Internal LDAP Database
is the default value assigned to the
parameter in the CMS configuration
is hardcoded and it refers to the
, you can change any of the above
PasswordCache