Planning and Configuring HP DCE 1.8

About HP DCE/9000 Version 1.8
HP Password Management Server
policy only.
1 — Check passwords entered by this principal using the Password
Management Server.
2 — Principal may either choose a password (which is then checked with
the Password Management Server) or use a password that has been
generated by the Password Management Server (no additional strength
checking is done).
3 — Principal must use a password generated by the Password
Management Server.
The HP Account Manager can facilitate the administration of ERAs.
pwd_mgmt_binding attribute
The pwd_mgmt_binding attribute specifies the binding to the
Password Management Server that will be used for this principal. In
future releases, more than one Password Management Server may be
supported, but for now, the value of the pwd_mgmt_binding attribute
must always be:
{pwd_mgmt_binding {{dce /.:/pwd_strength pktprivacy secret name} \
{/.:/subsys/dce/sec/pwd_mgmt/pwd_strength}}} \
pwd_SecureWare_chk
HP's default implementation of the Password Management Server uses
an additional Extended Registry Attribute to control the level of the
strength checking algorithm that is applied to a given principal. The
values are:
0 — Use DCE Registry algorithm only (for example, depending on DCE
registry policies, checks on password length, blanks, and alphanumeric
characters).
1 — In addition to checking against the DCE Registry algorithm, use a
proprietary SecureWare algorithm that verifies the password meets
certain tests for non-triviality (not a circular shift of the principal's name
or its reverse, contains at least 2 alphanumeric characters, contains at
least one non-alphanumeric character).
2 — In addition to the two previous checks, use a proprietary
SecureWare algorithm that verifies the password is not a word (and is
not a palindrome, does not contain the same characters as any group or
principal name in the DCE Registry, and is not found in the spell
program's dictionary).
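The three levels above can be read as cumulative tiers of checks. The sketch below is an added illustration, not HP's or SecureWare's code (the SecureWare algorithm is proprietary). Its assumptions are: the function name, the minimum length of 6, case-insensitive comparison, reading "same characters" as an anagram test, and the constructed name and dictionary sets.

```python
# Constructed sample data: stand-ins for the DCE Registry's group and
# principal names and for the spell program's dictionary.
REGISTRY_NAMES = {"alice", "staff", "operator"}
DICTIONARY = {"password", "secret", "welcome"}


def rotations(s):
    """All circular shifts of s."""
    return {s[i:] + s[:i] for i in range(len(s))}


def check_password(password, principal, level, min_len=6):
    """Return the failed checks for a given strength-checking level (0, 1 or 2)."""
    failures = []
    pw = password.lower()  # assumption: comparisons ignore case

    # Level 0: stand-in for DCE Registry policy (assumed: length and blanks).
    if len(password) < min_len:
        failures.append("too short")
    if password.strip() == "":
        failures.append("all blanks")

    if level >= 1:
        # Non-triviality tests listed for level 1.
        name = principal.lower()
        if pw in rotations(name) | rotations(name[::-1]):
            failures.append("circular shift of principal name")
        alnum = sum(c.isalnum() for c in password)
        if alnum < 2:
            failures.append("fewer than 2 alphanumeric characters")
        if alnum == len(password):
            failures.append("no non-alphanumeric character")

    if level >= 2:
        # "Not a word" tests listed for level 2.
        if pw == pw[::-1]:
            failures.append("palindrome")
        if any(sorted(pw) == sorted(n) for n in REGISTRY_NAMES):
            failures.append("same characters as a registry name")
        if pw in DICTIONARY:
            failures.append("dictionary word")

    return failures
```

A password that passes at level 0 can fail at level 1 or 2, so raising a principal's level only affects passwords chosen after the change.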
If a principal does not have an instance of pwd_SecureWare_chk