Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
Password Policy File
Chapter 6 101
Password Policy File
This file controls password rules such as password length, number of
character types, and the lifetime of a password. The file,
password.policy, is located on each of the primary and secondary
security servers. This file can be located at:
/opt/krb5
Editing the Default File
To edit the password policy file and configure it to match your
organization’s requirements, use a text editor on the primary security
server. You must have the appropriate read-write permissions to access
the password policy file.
The default password policy file is designed around the four instances or
policy groups namely,
• principals who do not have an instance
• principals with an admin instance
• principals with a root instance
• the base group named * that consists of all the other principals
You can also add more policy groups to identify specific instances in your
enterprise.
Password policy settings and the defaults for the base group, the *
instance group, in the password policy file are listed below:
Table 6-2 Default Password Policy Settings for the base group
Password Policy setting Default
* .MaxRepeatChars 3
* .MaxRepeatClasses 4
*.MaximumMatch 4
*.MinimumLength 6
*.MinimumClasses 2