HP-UX Directory Server 8.1 Administrator (766147-001, March 2014)

7 Managing User Authentication
When a user connects to the HP-UX Directory Server, the user is first authenticated. The
directory then grants access rights and resource limits to the user based on the identity
established during authentication.
This chapter describes tasks for managing users, including configuring the password and account
lockout policy for the directory, denying groups of users access to the directory, and limiting system
resources available to users depending upon their bind DNs.
Topics include:
“Managing the password policy”
“Inactivating users and roles”
“Setting Resource Limits Based on the bind DN”
“Using the account policy plug-in for inactivity limits”
Managing the password policy
A password policy minimizes the risks of using passwords by enforcing the following:
Users must change their passwords according to a schedule.
Users must provide nontrivial passwords.
The password syntax must meet certain complexity requirements.
After a password policy is established, whether for the entire directory or for specific subtrees
or users, user passwords can be protected from potential threats by configuring an account lockout
policy. Account lockout protects against hackers who try to break into the directory by repeatedly
guessing a user's password.
For an overview of password policy, see "Designing a Password Policy" in the HP-UX Directory
Server deployment guide.
This section provides information about configuring password and account lockout policies:
“Configuring the password policy”
“Setting user passwords”
“Password change extended operation”
“Configuring the account lockout policy”
“Managing the password policy in a replicated environment”
“Synchronizing passwords”
Configuring the password policy
Directory Server supports fine-grained password policy, so password policies can be applied to
the entire directory (global password policy), a particular subtree (subtree level or local password
policy), or a particular user (user level or local password policy).