Manualshelf

Planning and Configuring HP DCE 1.7

ManualsBrandsHP ManualsSoftwareHP-UX DCE Software
41424344454647484950
Planning and Configuring HP DCE 1.7 1-33
About HP DCE/9000 Version 1.7
HP Password Management Server
0 — Check passwords entered by this principal using the DCE Registry
policy only.
1 — Check passwords entered by this principal using the Password
Management Server.
2 — Principal may either choose a password (which is then checked with
the Password Management Server), or can use a password that has been
generated by the Password Management Server (no additional strength
checking is done).
3 — Principal must use a password generated by the Password
Management Server.
The HP Account Manager can facilitate the administration of ERAs.
pwd_mgmt_binding attribute
The pwd_mgmt_binding attribute specifies the binding to the
Password Management Server that will be used for this principal. In
future releases, more than one Password Management Server may be
supported, but for now, the value of the pwd_mgmt_binding attribute
must always be:
{pwd_mgmt_binding {{dce /.:/pwd_strength pktprivacy secret name} \
{/.:/subsys/dce/sec/pwd_mgmt/pwd_strength}}} \
pwd_SecureWare_chk
HP’s default implementation of the Password Management Server uses
an additional Extended Registry Attribute to control the level of strength
checking algorithm that will be applied to a given principal. The values
are:
0 — Use DCE Registry algorithm only (such as, depending on DCE
registry policies, check password length, blanks, alphanumeric).
1 — In addition to checking against the DCE Registry algorithm, use a
proprietary SecureWare algorithm that verifies the password meets
certain tests for non-triviality (not a circular shift of the principal’s name
or its reverse, contains at least 2 alphanumeric characters, contains at
least one non-alphanumeric character).
2 — In addition to the two previous checks, use a proprietary
SecureWare algorithm that verifies the password is not a word (and is
not a palindrome, does not contain the same characters as any group or
principal name in the DCE Registry, and is not found in the spell
program’s dictionary).