Planning and Configuring HP DCE 1.8

Chapter 1 47

About HP DCE/9000 Version 1.8

HP Password Management Server

attached, then the Password Management Server uses the DCE Registry

algorithm only.

The example Password Management Server does not support values 1 or

2 for pwd_SecureWare_chk, since these use proprietary SecureWare

algorithms. If a principal is conﬁgured with a pwd_SecureWare_chk

value of 1 or 2, the principal will be unable to change passwords, and the

logﬁle /var/ opt/dce/security/pwd_strength.log will report

that the pwd_SecureWare_chk level is not supported.

An example of a dcecp command for conﬁguring a principal with these

attributes is:

dcecp -c principal modify esmerelda -add { \

{pwd_val_type 1} \

{pwd_mgmt_binding { \ {dce /.:/pwd_strength pktprivacy secret

name} \

{/.:/subsys/dce/sec/pwd_mgmt/pwd_strength} \

} \

{pwd_SecureWare_chk 0} \ }

You must set the minimum length of the password using the DCE

Registry policies:

dcecp -c registry modify -change {pwdminlen 6}

Examples of other DCE Registry password policy attributes in dcecp

syntax are:

{pwdalpha no}

{pwdspaces no}

{pwdexpdate no}

{pwdlife unlimited effective 5 days}

Only the pwdminlen, pwdalpha, and pwdspaces attributes are

checked by the Password Management Server; the DCE Registry checks

the remaining attributes itself.