Administration
Password Policy File
Password Policy File
This file controls password rules such as password length, number of character types, and the lifetime of a password. The file, password.policy, is located on each of the primary and secondary security servers. This file can be located at:
/opt/krb5
Editing the Default File
To edit the password policy file and configure it to match your organization’s requirements, use a text editor on the primary security server. You must have the appropriate
The default password policy file is designed around the four instances or policy groups namely,
| • principals who do not have an instance |
|
| • principals with an admin instance |
|
| • principals with a root instance |
|
| • the base group named * that consists of all the other principals | |
| You can also add more policy groups to identify specific instances in your | |
| enterprise. |
|
| Password policy settings and the defaults for the base group, the * | |
| instance group, in the password policy file are listed below: | |
Table | Default Password Policy Settings for the base group | |
|
|
|
| Password Policy setting | Default |
|
|
|
| * .MaxRepeatChars | 3 |
|
|
|
| * .MaxRepeatClasses | 4 |
|
|
|
| *.MaximumMatch | 4 |
|
|
|
| *.MinimumLength | 6 |
|
|
|
| *.MinimumClasses | 2 |
|
|
|
|
|
|
Chapter 6 | 101 |
