HP-UX Directory Server 8.1 configuration, command, and file reference
The Directory Server supports the following password storage schemes (encryption types):
• CLEAR means the password is stored in cleartext, with no hashing or encryption. This
scheme must be used in order to use SASL DIGEST-MD5.
• SSHA (Salted Secure Hash Algorithm), the default, is the recommended method because it
is the most secure. There are several bit sizes available: 140 bits (the default), 256, 384, and
512.
• SHA (Secure Hash Algorithm) is included only for backward compatibility with 4.x Directory
Servers; do not use this algorithm.
• MD5 (Message Digest algorithm 5) is a commonly used standard hashing algorithm.
• CRYPT, the UNIX crypt algorithm, is provided for compatibility with UNIX passwords.
NOTE:
Passwords cannot be encrypted using the NS-MTA-MD5 password storage scheme. The storage
scheme is still present but only for reasons of backward compatibility.
For more information on password policies, see the "Managing Users and Passwords" chapter
in the HP-UX Directory Server administrator guide.
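The following Python code is an added example, not part of the HP reference: it classifies stored userPassword values by storage scheme, verifies salted values, and reports entries that use any other scheme. The {SCHEME} prefix labels (including SSHA256, SSHA384 and SSHA512), the base64(digest + salt) layout, the function names and the sample entries are assumptions.

```python
import base64
import hashlib
import hmac
import os

# Salted schemes: label -> (hashlib name, digest bytes). The labels and the
# base64(digest + salt) layout are assumptions (common LDAP convention).
SALTED = {"SSHA": ("sha1", 20), "SSHA256": ("sha256", 32),
          "SSHA384": ("sha384", 48), "SSHA512": ("sha512", 64)}
FLAGGED = {"CLEAR", "SHA", "MD5", "CRYPT", "NS-MTA-MD5"}  # non-salted: report

def split_scheme(stored):
    """Return (SCHEME, payload); a value without a {prefix} counts as CLEAR."""
    if stored.startswith("{") and "}" in stored:
        scheme, _, payload = stored[1:].partition("}")
        return scheme.upper(), payload
    return "CLEAR", stored

def make_salted(password, scheme="SSHA", salt=None):
    """Build '{SCHEME}' + base64(digest(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.new(SALTED[scheme][0], password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def verify_salted(password, stored):
    """Check a password against a salted value; False for any other scheme."""
    scheme, payload = split_scheme(stored)
    if scheme not in SALTED:
        return False
    algo, dlen = SALTED[scheme]
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:
        raw = b""
    digest, salt = raw[:dlen], raw[dlen:]
    if not salt:                  # undecodable or too short to hold a salt
        return False
    calc = hashlib.new(algo, password.encode() + salt).digest()
    return hmac.compare_digest(calc, digest)

def audit(entries):
    """Return {dn: scheme} for entries stored under a flagged scheme."""
    found = {dn: split_scheme(value)[0] for dn, value in entries.items()}
    return {dn: s for dn, s in found.items() if s in FLAGGED}

SAMPLE = {  # constructed userPassword values, not taken from the page
    "uid=alice,dc=example,dc=com": make_salted("Secret123", salt=b"\x01" * 8),
    "uid=bob,dc=example,dc=com": "{SHA}Y29uc3RydWN0ZWQ=",
    "uid=carol,dc=example,dc=com": "plaintext-pw"}
```

Calling `audit(SAMPLE)` returns the bob and carol entries, whose values are stored under SHA and CLEAR.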
2.3.1.129 passwordUnlock (Unlock account)
Indicates whether users are locked out of the directory for a specified amount of time or until
the administrator resets the password after an account lockout. The account lockout feature
protects against hackers who try to break into the directory by repeatedly trying to guess a user's
password. If this passwordUnlock attribute is set to off and the operational attribute
accountUnlockTime has a value of 0, then the account is locked indefinitely.
For more information on password policies, see the "Managing Users and Passwords" chapter
in the HP-UX Directory Server administrator guide.
Parameter        Description
Entry DN         cn=config
Valid Values     on or off
Default Value    on
Syntax           DirectoryString
Example          passwordUnlock: off
2.3.1.130 passwordWarning (Send warning)
Indicates the number of seconds before a user's password is due to expire that the user receives
a password expiration warning control on their next LDAP operation. Depending on the LDAP
client, the user may also be prompted to change their password at the time the warning is sent.
For more information on password policies, see the "Managing Users and Passwords" chapter
in the HP-UX Directory Server administrator guide.
Parameter        Description
Entry DN         cn=config
Valid Range      1 to the maximum 32 bit integer value (2147483647) in seconds
Default Value    86400 (1 day)
Syntax           Integer
Example          passwordWarning: 86400
2.3 Core server configuration attributes reference 71