To prevent users from rapidly cycling through the number of passwords that are tracked, use the passwordMinAge attribute.

For more information on password policies, see the "Managing Users and Passwords" chapter in the HP-UX Directory Server administrator guide.

Parameter

Description

Entry DN

cn=config

Valid Range

2 to 24 passwords

Default Value

6

Syntax

Integer

Example

passwordInHistory: 7

2.3.1.110 passwordIsGlobalPolicy (Password policy and replication)

This attribute controls whether password policy attributes are replicated.

Parameter

Description

Entry DN

cn=config

Valid Values

on or off

Default Value

off

Syntax

DirectoryString

Example

passwordIsGlobalPolicy: off

2.3.1.111 passwordLockout (Account lockout)

Indicates whether users are locked out of the directory after a given number of failed bind attempts. By default, users are not locked out of the directory after a series of failed bind attempts. If account lockout is enabled, set the number of failed bind attempts after which the user is locked out using the passwordMaxFailure attribute.

For more information on password policies, see the "Managing Users and Passwords" chapter in the HP-UX Directory Server administrator guide.

Parameter

Description

Entry DN

cn=config

Valid Values

on or off

Default Value

on

Syntax

DirectoryString

Example

passwordLockout: off

2.3.1.112 passwordLockoutDuration (Lockout duration)

Indicates the amount of time in seconds during which users are locked out of the directory after an account lockout. The account lockout feature protects against hackers who try to break into the directory by repeatedly trying to guess a user's password. Enable and disable the account lockout feature using the passwordLockout attribute.

2.3 Core server configuration attributes reference

65

Page 65
Image 65
HP UX Identity Security Software PasswordIsGlobalPolicy Password policy and replication, PasswordLockout Account lockout