Administering the Kerberos Server
Password Policy File
Table |
| Default Password Policy Settings for the Base Group | |
|
|
|
|
|
| Password Policy Setting | Default Value |
|
|
|
|
|
| *.Expiration | None |
|
|
|
|
|
| *.MinimumAge | None |
|
|
|
|
|
| *.NotifyTime | 7d |
|
|
|
|
|
| *.Dictionaries | None |
|
|
|
|
|
| *.MaxFailAuthCnt | 10 |
|
|
|
|
|
| *.NoReqChangePwd | 0 |
|
|
|
|
|
| *.MaximumHistory | 1 |
|
|
|
|
|
| If you modify the MaxfailAuthCnt parameter, you must copy the | |
|
| password policy file to the secondary security server and restart kdcd on | |
|
| both the secondary and primary secondary security servers. | |
|
|
|
|
NOTE |
| MaxFailAuthCnt is the only parameter that the secondary security | |
|
| servers read in the password policy file. |
|
|
|
|
|
If you edit the password policy file on the primary security server, the file must be copied to each secondary security server, so that all the servers have an updated version of this file.
For more information on the password policy file, type man 4 password.policy at the
120 | Chapter 8 |