Administering the Kerberos Server
Password Policy FilePassword Policy FileThe password policy file controls password rules, such as password length, number of character types, and the lifetime of a password. The password.policy file located on each of the primary and secondary security servers in the /opt/krb5 directory.
Editing the Default FileTo edit the password policy file and configure it to match the requirements of your organization, use a text editor on the primary security server. You must have the appropriate
The default password policy file is designed around the following instances or policy groups:
| • Principals that do not have an instance |
|
| • Principals with an admin instance |
|
| • Principals with a root instance |
|
| • The base group named *, which consists of all the other principals | |
| You can also add more policy groups to identify specific instances in your | |
| enterprise. |
|
| Table | |
| base group and the * instance group in the password policy file. | |
Table | Default Password Policy Settings for the Base Group | |
|
|
|
| Password Policy Setting | Default Value |
|
|
|
| *.MaxRepeatChars | 3 |
|
|
|
| *.MaxRepeatClasses | 4 |
|
|
|
| *.MaximumMatch | 4 |
|
|
|
| *.MinimumLength | 6 |
|
|
|
| *.MinimumClasses | 2 |
|
|
|
Chapter 8 | 119 |