Configuring the Password Policy

force the users to update their password.

5. To allow users to change their own passwords, select the User may change password checkbox.

6. To prevent users from changing their password for a specific duration, enter the number of days in the Allow changes in X day(s) text box.

7. For the server to maintain a history list of passwords used by each user, select the Keep password history checkbox. Enter the number of passwords for the server to keep for each user in the Remember X passwords text box.

8. If user passwords should not expire, select the Password never expires radio button.

9. To require users to change their passwords periodically, select the Password expires after X days radio button, and then enter the number of days that a user password is valid.

The maximum value for the password age is the interval between today's date and January 18, 2038. Do not set the value to this maximum or too close to it. Setting the value to the maximum can cause the Directory Server to fail to start, because the number of seconds will go past the epoch date. In that event, the error log indicates that the password maximum age is invalid. To resolve the problem, correct the passwordMaxAge attribute value in the dse.ldif file.

A common policy is to have passwords expire every 30 to 90 days. By default, the password maximum age is set to 8640000 seconds (100 days).

10. If the Password expires after X days radio button is selected, specify how long before the password expires to send a warning to the user. In the Send Warning X Days Before Password Expires text box, enter the number of days before password expiration to send a warning.

NOTE

It is not necessary to configure the Directory Server to send a warning to users. The next time the user attempts to log in to the Directory Server Console, the Directory Server automatically warns that the password will soon expire or has expired. This is analogous to an operating system warning that reads "Warning: password will expire in 7 days" when a user logs in.

11. For the server to check the syntax of a user password to make sure it meets the minimum requirements set by the password policy, select the Check Password Syntax checkbox. Then, specify the required password complexity, such as the minimum length and the required number of numeric and special characters. The password syntax requirements are described in more detail in Table 7.1, “Password Policy Attributes”.

12. From the Password Encryption pull-down menu, select the encryption method for the
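The following is an added example, not part of the original manual: a check of the passwordMaxAge value discussed under step 9, run against the text of dse.ldif before the server is restarted. The sample LDIF entry, the one-year safety margin, and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Cutoff date taken from the text above (January 18, 2038).
CUTOFF = datetime(2038, 1, 18, tzinfo=timezone.utc)
# Assumption: the manual says "too close" without a figure; one year is used here.
MARGIN_SECONDS = 365 * 86400
# Upper end of the "30 to 90 days" common policy mentioned above.
COMMON_MAX_SECONDS = 90 * 86400

# Constructed sample of the cn=config entry; not copied from a real server.
SAMPLE_DSE = """\
dn: cn=config
passwordExp: on
passwordMaxAge: 8640000
"""

def read_max_age(ldif_text):
    """Return passwordMaxAge in seconds, or None if the attribute is absent."""
    # LDAP attribute names are case-insensitive, hence re.I.
    m = re.search(r"^passwordMaxAge:[ \t]*(\d+)[ \t]*$", ldif_text, re.I | re.M)
    return int(m.group(1)) if m else None

def check_max_age(ldif_text, now=None):
    """Classify passwordMaxAge; returns (status, age_seconds, headroom_seconds)."""
    now = now or datetime.now(timezone.utc)
    headroom = int((CUTOFF - now).total_seconds())
    age = read_max_age(ldif_text)
    if age is None:
        return ("missing", None, headroom)
    if age >= headroom:
        status = "invalid"              # now + age would pass the cutoff
    elif age >= headroom - MARGIN_SECONDS:
        status = "too-close"            # inside the assumed safety margin
    elif age > COMMON_MAX_SECONDS:
        status = "longer-than-90-days"  # valid, but above the common policy range
    else:
        status = "ok"
    return (status, age, headroom)

if __name__ == "__main__":
    status, age, headroom = check_max_age(SAMPLE_DSE)
    print(f"passwordMaxAge={age}s headroom={headroom}s -> {status}")
```

The default of 8640000 seconds (100 days) is reported as longer-than-90-days, which is valid for the server but above the common 30 to 90 day range.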

HP UX Red Hat Directory Server Software manual: Configuring the Password Policy