Chapter 7. Managing User Accounts and Passwords

Attribute Name

Definition

password will appear in plain text. The only password storage scheme that can be used with SASL DIGEST-MD5 is CLEAR. Passwords stored using crypt, SHA, or SSHA formats cannot be used for secure login through SASL DIGEST-MD5. To provide a customized storage scheme, consult Red Hat professional services.

Table 7.1. Password Policy Attributes
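
The storage-scheme constraint described in the table can be checked against an LDIF export of a subtree. The Python sketch below is an added example, not part of the manual or of Directory Server; the sample entries, the function names and the UNPREFIXED label are constructed for illustration.

```python
import base64
import re

# Constructed sample export (not from the manual); all values are made up.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=com",
    "userPassword: {SSHA}Y29uc3RydWN0ZWQtc2FtcGxl",
    "",
    "dn: uid=bob,ou=people,dc=example,dc=com",
    "userPassword: {CLEAR}constructed-sample",
    "",
    "dn: uid=carol,ou=people,dc=example,dc=com",
    "userPassword:: " + base64.b64encode(b"{clear}constructed").decode(),
    "",
    "dn: uid=dave,ou=people,",
    " dc=example,dc=com",  # folded continuation line
    "userPassword: {crypt}constructed",
])
SCHEME = re.compile(rb"^\{([A-Za-z0-9_-]+)\}")

def parse_ldif(text):
    """Yield (dn, attrs) per entry, handling folded lines and base64 values."""
    unfolded = text.replace("\n ", "")  # undo LDIF line folding
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            b64 = rest.startswith(":")  # "attr:: <base64>" form
            raw = base64.b64decode(rest[1:].strip()) if b64 else rest.strip().encode()
            attrs.setdefault(name.lower(), []).append(raw)
        if "dn" in attrs:
            yield attrs["dn"][0].decode(), attrs

def audit(text):
    """Map each DN to the storage scheme(s) of its userPassword values."""
    report = {}
    for dn, attrs in parse_ldif(text):
        for value in attrs.get("userpassword", []):
            m = SCHEME.match(value)
            # Assumption: a value with no {scheme} prefix is flagged for review.
            scheme = m.group(1).decode().upper() if m else "UNPREFIXED"
            report.setdefault(dn, []).append(scheme)
    return report

def digest_md5_capable(text):
    """DNs stored as CLEAR: usable with SASL DIGEST-MD5, readable in plain text."""
    return sorted(dn for dn, s in audit(text).items() if "CLEAR" in s)
```

Entries returned by digest_md5_capable() are the ones whose passwords appear in plain text in the directory; every other entry cannot authenticate through SASL DIGEST-MD5.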

1.1.4. Configuring Subtree/User Password Policy Using the Command-Line

To configure a subtree or user level password policy, do the following:

1. Add the required attributes to the subtree or user entries by running the ns-newpwpolicy.pl script.

The command syntax for the script is as follows:

ns-newpwpolicy.pl [-D rootDN] { -w password | -w - | -j filename } [-p port] [-h host] -U userDN -S suffixDN

For updating a subtree entry, use the -S option. For updating a user entry, use the -U option. The ns-newpwpolicy.pl script accepts only one user or subtree entry at a time. It can, however, accept both user and suffix entries at the same time. For details about the script, see the Directory Server Configuration, Command, and File Reference.

2. The script adds the required attributes depending on whether the target entry is a subtree or user entry.

For a subtree (for example, ou=people, dc=example, dc=com), the following entries are added:

A container entry (nsPwPolicyContainer) at the subtree level for holding various password policy-related entries for the subtree and all its children. For example:

dn: cn=nsPwPolicyContainer,ou=people,dc=example,dc=com
objectClass: top
objectClass: nsContainer
cn: nsPwPolicyContainer
