Red Hat Directory Server 8.0 Administrator's Guide

Managing User Accounts and Passwords
When a user connects to the Red Hat Directory Server, first the user is authenticated. Then, the
directory grants access rights and resource limits to the user depending upon the identity
established during authentication.
This chapter describes tasks for managing users, including configuring the password and
account lockout policy for the directory, denying groups of users access to the directory, and
limiting system resources available to users depending upon their bind DNs.
1. Managing the Password Policy
A password policy minimizes the risks of using passwords by enforcing the following:
• Users must change their passwords according to a schedule.
• Users must provide non-trivial passwords.
• The password syntax must meet certain complexity requirements.
After establishing a password policy, which can be for the entire directory or for specific
subtrees or users, user passwords can be protected from potential threats by configuring an
account lockout policy. Account lockout protects against hackers who try to break into the
directory by repeatedly guessing a user's password.
This section provides information about configuring password and account lockout policies:
• Section 1.1, “Configuring the Password Policy”
• Section 1.2, “Setting User Passwords”
• Section 1.3, “Password Change Extended Operation”
• Section 1.4, “Configuring the Account Lockout Policy”
• Section 1.5, “Managing the Password Policy in a Replicated Environment”
• Section 1.6, “Synchronizing Passwords”
1.1. Configuring the Password Policy
Directory Server supports fine-grained password policy, so password policies can be applied to
the entire directory (global password policy), a particular subtree (subtree level or local
password policy), or a particular user (user level or local password policy).
Chapter 7.