HP-UX Directory Server 8.1 administrator guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

291

292

293

294

295

296

297

298

299

300

NOTE:

It is not necessary to configure the Directory Server to send a warning to users. The Directory

Server automatically issues a warning the next time the user attempts to log into the Directory

Server Console that the password will soon expire or has expired. This is analogous to an

operating system warning that reads "Warning: password will expire in 7 days"

when a user logs in.

11. For the server to check the syntax of a user password to make sure it meets the minimum

requirements set by the password policy, select the Check Password Syntax checkbox.

Then, specify required password complexity, such as the minimum length and required

number of numeric and special characters. The password syntax requirements are described

more in Table 7-1 “Password policy attributes”.

12. From the Password Encryption pull-down menu, select the encryption method for the

server to use when storing passwords.

For detailed information about the encryption methods, see the passwordStorageScheme

attribute in Table 7-1 “Password policy attributes”.

The Password Encryption menu might contain other encryption methods, as the directory

dynamically creates the menu depending upon the existing encryption methods it finds in

the directory.

13. Click Save.

7.1.1.2 Configuring a subtree/user password policy using the console

1. Enable fine-grained password policy globally.

a. Select the Configuration tab, then click the Data node.

b. In the right pane, select the Passwords tab.

c. Check the Enable fine-grained password policy checkbox.

d. Click Save.

NOTE:

The password policy must be enabled globally before it will be applied locally. No other

global password policy features must be set, and the global password policy will not override

the local policy if they differ.

2. Create the local password policy for the subtree or user.

a. Select the Directory tab.

b. In the navigation pane, select the subtree or user entry for which to set up the password

policy.

c. From the Object menu, select the Manage Password Policy option, then select the

For user or For subtree.

Either the User Password Policy or Subtree Password Policy window appears.

d. In the Passwords tab, select the Create subtree/user level password policy checkbox

to add the required attributes, fill in the appropriate values, and click Save.

e. In the Account Lockout tab, specify the appropriate information, and click Save.

7.1.1.3 Configuring a global password policy using the command line

To set up the password policy for a subtree or user, add the required entries and attributes at

the subtree or user level, set the appropriate values to the password policy attributes, and enable

fine-grained password policy checking.

7.1 Managing the password policy 295