About HP DCE/9000 Version 1.7
HP Password Management Server
0 — Check passwords entered by this principal using the DCE Registry policy only.
1 — Check passwords entered by this principal using the Password Management Server.
2 — Principal may either choose a password (which is then checked with the Password Management Server), or can use a password that has been generated by the Password Management Server (no additional strength checking is done).
3 — Principal must use a password generated by the Password Management Server.
The HP Account Manager can facilitate the administration of ERAs.
pwd_mgmt_binding attribute
The pwd_mgmt_binding attribute specifies the binding to the Password Management Server that will be used for this principal. In future releases, more than one Password Management Server may be supported, but for now, the value of the pwd_mgmt_binding attribute must always be:
{pwd_mgmt_binding {{dce /.:/pwd_strength pktprivacy secret name} \ {/.:/subsys/dce/sec/pwd_mgmt/pwd_strength}}} \
pwd_SecureWare_chk
HP’s default implementation of the Password Management Server uses an additional Extended Registry Attribute to control the level of strength checking algorithm that will be applied to a given principal. The values are:
0 — Use DCE Registry algorithm only (such as, depending on DCE registry policies, check password length, blanks, alphanumeric).
1 — In addition to checking against the DCE Registry algorithm, use a proprietary SecureWare algorithm that verifies the password meets certain tests for
2 — In addition to the two previous checks, use a proprietary SecureWare algorithm that verifies the password is not a word (and is not a palindrome, does not contain the same characters as any group or principal name in the DCE Registry, and is not found in the spell program’s dictionary).
Planning and Configuring HP DCE 1.7 |