HP-UX Directory Server 8.1 administrator guide

Table 7-1 Password policy attributes (continued)
Attribute name
Definition

passwordHistory
This attribute indicates whether the directory stores a password history. When set to on,
the directory stores the number of passwords specified in the passwordInHistory
attribute in a history. If a user attempts to reuse one of the passwords, the password will
be rejected. When this attribute is set to off, any passwords stored in the history remain
there. When this attribute is set back to on, users will not be able to reuse the passwords
recorded in the history before the attribute was disabled. This attribute is off by default,
meaning users can reuse old passwords.

passwordInHistory
This attribute indicates the number of passwords the directory stores in the history. There
can be 2 to 24 passwords stored in the history. This feature is not enabled unless the
passwordHistory attribute is set to on. This attribute is set to 6 by default.

passwordCheckSyntax
When on, this attribute indicates that the password syntax is checked by the server before
the password is saved. Password syntax checking ensures that the password string meets
or exceeds the length and complexity requirements and that the string does not contain
any trivial words. A trivial word is any value stored in the uid, cn, sn, givenName, ou,
or mail attributes of the user's entry. This attribute is off by default.

passwordMinLength
This attribute specifies the minimum number of characters that must be used in passwords.
Shorter passwords are easier to crack. Passwords can be two (2) to 512 characters long.
Generally, a length of eight characters is long enough to be difficult to crack but short
enough for users to remember without writing it down. This attribute is set to 8 by default.

passwordMaxRepeats
This attribute sets the maximum number of times that the same character can be used in
a row, such as aaaaa. Setting the attribute to 0 means that there is no limit on how many
times a character can be repeated. This attribute is set to 0 by default.

passwordMinAlphas
This attribute sets the minimum number of alphabetic characters that must be used in the
password. This setting does not set any requirements for the letter case; requirements for
the minimum number of lowercase and uppercase letters are set in the passwordMinLowers
and passwordMinUppers attributes, respectively. By default, this attribute is set to 0,
meaning there is no required minimum.

passwordMinDigits
This attribute sets the minimum number of numeric characters (0 through 9) that must be
used in the password. By default, this attribute is set to 0, meaning there is no required
minimum.

passwordMinSpecials
This attribute sets the minimum number of special ASCII characters, such as !@#$., that
must be used in the password. By default, this attribute is set to 0, meaning there is no
required minimum.

passwordMinLowers
This attribute sets the minimum number of lower case alphabetic characters, a to z, that
must be used in the password. By default, this attribute is set to 0, meaning there is no
required minimum.

passwordMinCategories
This attribute sets the minimum number of categories that must be used in the password.
There are eight categories available:
Uppercase letters (A to Z)
Lowercase letters (a to z)
Numbers (0 through 9)
Special ASCII characters, such as $
ASCII alphabetic characters, regardless of case (a to z and A to Z)
8-bit characters
Repeated characters, such as aaaaaa
This attribute is set to 3 by default.

passwordMinUppers
This attribute sets the minimum number of upper case alphabetic characters, A to Z, that
must be used in the password. By default, this attribute is set to 0, meaning there is no
required minimum.

passwordTokenLength
This attribute sets the minimum length for any tokens used with Directory Server. The
token length can be from 1 to 64 characters. This attribute is set to 3 by default.
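
The following sketch is an added example, not code from Directory Server or from this guide: it models the syntax checks described in Table 7-1 so that a planned policy can be tried against candidate passwords before it is deployed. It assumes that trivial words are matched case-insensitively, that entry values are split into tokens on non-alphanumeric characters, and that "special" means ASCII punctuation; passwordMinCategories and the password history are not modelled.

```python
import re
import string

# Defaults from Table 7-1; passwordCheckSyntax is switched on here because
# with the default (off) none of the checks below would run.
DEFAULT_POLICY = {
    "passwordCheckSyntax": "on", "passwordMinLength": 8,
    "passwordMaxRepeats": 0, "passwordMinAlphas": 0, "passwordMinDigits": 0,
    "passwordMinSpecials": 0, "passwordMinLowers": 0, "passwordMinUppers": 0,
    "passwordTokenLength": 3,
}
TRIVIAL_ATTRS = ("uid", "cn", "sn", "givenName", "ou", "mail")

def longest_run(password):
    """Length of the longest run of one repeated character (aaaaa -> 5)."""
    runs = re.finditer(r"(.)\1*", password, re.S)
    return max((len(m.group(0)) for m in runs), default=0)

def check_password(password, entry, policy=DEFAULT_POLICY):
    """Return the list of violated settings; an empty list means accepted."""
    if policy["passwordCheckSyntax"] != "on":
        return []
    failed = []
    if len(password) < policy["passwordMinLength"]:
        failed.append("passwordMinLength")
    limit = policy["passwordMaxRepeats"]
    if limit > 0 and longest_run(password) > limit:  # 0 means no limit
        failed.append("passwordMaxRepeats")
    ascii_chars = [c for c in password if ord(c) < 128]
    counts = {
        "passwordMinAlphas": sum(c.isalpha() for c in ascii_chars),
        "passwordMinDigits": sum(c.isdigit() for c in ascii_chars),
        "passwordMinLowers": sum(c.islower() for c in ascii_chars),
        "passwordMinUppers": sum(c.isupper() for c in ascii_chars),
        "passwordMinSpecials": sum(c in string.punctuation for c in ascii_chars),
    }
    failed += [name for name, n in counts.items() if n < policy[name]]
    # Assumption: only tokens of at least passwordTokenLength characters,
    # compared case-insensitively, count as trivial words.
    lowered = password.lower()
    for attr in TRIVIAL_ATTRS:
        tokens = [t for v in entry.get(attr, [])
                  for t in re.split(r"[^0-9A-Za-z]+", v.lower())]
        if any(len(t) >= policy["passwordTokenLength"] and t in lowered
               for t in tokens):
            failed.append("trivial word from " + attr)
    return failed
```

The entry argument is a dictionary mapping attribute names to lists of values, for example {"uid": ["jsmith"], "cn": ["John Smith"]}.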