Planning and Configuring HP DCE 1.7
1-34 Planning and Configuring HP DCE 1.7
About HP DCE/9000 Version 1.7
HP Password Management Server
If a principal does not have an instance of pwd_SecureWare_chk
attached, then the Password Management Server uses the DCE Registry
algorithm only.
The example Password Management Server does not support values 1 or
2 for pwd_SecureWare_chk, since these use proprietary SecureWare
algorithms. If a principal is configured with a pwd_SecureWare_chk
value of 1 or 2, the principal will be unable to change passwords, and the
logfile /var/ opt/dce/security/pwd_strength.log will report that the
pwd_SecureWare_chk level is not supported.
An example of a dcecp command for configuring a principal with these
attributes is:
dcecp -c principal modify esmerelda -add { \
{pwd_val_type 1} \
{pwd_mgmt_binding { \
{dce /.:/pwd_strength pktprivacy secret name} \
{/.:/subsys/dce/sec/pwd_mgmt/pwd_strength} \
} \
} \
{pwd_SecureWare_chk 0} \ }
You must set the minimum length of the password using the DCE
Registry policies:
dcecp -c registry modify -change {pwdminlen 6}
Examples of other DCE Registry password policy attributes in dcecp
syntax are:
{pwdalpha no}
{pwdspaces no}
{pwdexpdate none}
{pwdlife unlimited effective 5 days}
Only the pwdminlen, pwdalpha, and pwdspaces attributes are
checked by the Password Management Server; the DCE Registry checks
the remaining attributes itself.