Red Hat Directory Server 8.0 Administrator's Guide
Essentially, the password policy comprises the following information:
• The type or level of password policy checks. This information indicates whether the server
should check for and enforce a global password policy or local (subtree/user level) password
policies.
• Password add and modify information. The password information includes password syntax
and password history details.
• Bind information. The bind information includes the number of grace logins permitted,
password aging attributes, and tracking bind failures.
The sections that follow describe the procedures for configuring the password policy:
• Section 1.1.1, “Configuring a Global Password Policy Using the Console”
• Section 1.1.2, “Configuring a Subtree/User Password Policy Using the Console”
• Section 1.1.3, “Configuring a Global Password Policy Using the Command-Line”
• Section 1.1.4, “Configuring Subtree/User Password Policy Using the Command-Line”
NOTE
After configuring the password policy, we recommend configuring an account
lockout policy. For details, see Section 1.4, “Configuring the Account Lockout
Policy”.
1.1.1. Configuring a Global Password Policy Using the Console
To set up or modify the password policy for an entire directory, do the following:
1. In the Directory Server Console, select the Configuration tab and then the Data node.
2. In the right pane, select the Passwords tab.
This tab contains the password policy for the entire Directory Server.
3. Check the Enable fine-grained password policy checkbox. Enabling the password policy
makes the other sections on the screen active.
4. To require users to change their password the first time they log on, select the User must
change password after reset checkbox. If this checkbox is selected, only the Directory
Manager is authorized to reset the user's password. A regular administrative user cannot
Chapter 7. Managing User Accounts and Passwords