Red Hat Directory Server 8.0 Administrator's Guide
force the users to update their password.
5. To allow users to change their own passwords, select the User may change password
checkbox.
6. To prevent users from changing their password for a specific duration, enter the number of
days in the Allow changes in X day(s) text box.
7. For the server to maintain a history list of passwords used by each user, select the Keep
password history checkbox. Enter the number of passwords for the server to keep for each
user in the Remember X passwords text box.
8. If user passwords should not expire, select the Password never expires radio button.
9. To require users to change their passwords periodically, select the Password expires after
X days radio button, and then enter the number of days that a user password is valid.
The maximum value for the password age is derived by subtracting today's date from
January 18, 2038. Do not set the value to this maximum or to a value close to it.
Setting the value to the maximum can cause the Directory Server to
fail to start because the number of seconds will go past the epoch date. In such an event, the
error log will indicate that the password maximum age is invalid. To resolve this problem,
correct the passwordMaxAge attribute value in the dse.ldif file.
A common policy is to have passwords expire every 30 to 90 days. By default, the password
maximum age is set to 8640000 seconds (100 days).
10. If the Password expires after X days radio button is selected, specify how long before the
password expires to send a warning to the user. In the Send Warning X Days Before
Password Expires text box, enter the number of days before password expiration to send a
warning.
NOTE
It is not necessary to configure the Directory Server to send a warning to users.
The Directory Server automatically issues a warning the next time the user
attempts to log into the Directory Server Console that the password will soon
expire or has expired. This is analogous to an operating system warning that
reads "Warning: password will expire in 7 days" when a user logs in.
11. For the server to check the syntax of a user password to make sure it meets the minimum
requirements set by the password policy, select the Check Password Syntax checkbox.
Then, specify the required password complexity, such as the minimum length and required
number of numeric and special characters. The password syntax requirements are described
in more detail in Table 7.1, “Password Policy Attributes”.
12. From the Password Encryption pull-down menu, select the encryption method for the
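A check for the password maximum age limit described in step 9, as an added example that is not part of the Red Hat guide: it reads passwordMaxAge from dse.ldif text and classifies the value against the January 18, 2038 date before the server is restarted. The one-year margin, the function names and the sample LDIF are assumptions made for this example.

```python
import re
import time
from datetime import datetime, timezone

# Date the guide gives as the upper bound for "now + passwordMaxAge".
LIMIT = int(datetime(2038, 1, 18, tzinfo=timezone.utc).timestamp())
# Assumption: the guide only says "not too close"; one year is this example's margin.
MARGIN_SECONDS = 365 * 86400

# Constructed sample of the relevant dse.ldif entry (default value from the guide).
SAMPLE_DSE_LDIF = """\
dn: cn=config
passwordMaxAge: 8640000
"""

def read_password_max_age(ldif_text):
    """Return passwordMaxAge in seconds from LDIF text, or None if it is absent."""
    m = re.search(r"^passwordMaxAge:[ \t]*(\d+)[ \t]*$", ldif_text,
                  re.MULTILINE | re.IGNORECASE)
    return int(m.group(1)) if m else None

def check_max_age(max_age, now=None, margin=MARGIN_SECONDS):
    """Classify max_age (seconds) as 'ok', 'too-close' or 'invalid'."""
    now = int(time.time()) if now is None else int(now)
    headroom = LIMIT - now - max_age
    if headroom < 0:
        return "invalid"      # expiry time would fall past the limit
    if headroom < margin:
        return "too-close"    # valid today, but becomes invalid within the margin
    return "ok"

def max_safe_days(now=None, margin=MARGIN_SECONDS):
    """Largest whole number of days that still leaves the margin."""
    now = int(time.time()) if now is None else int(now)
    return max(0, (LIMIT - now - margin) // 86400)

if __name__ == "__main__":
    age = read_password_max_age(SAMPLE_DSE_LDIF)
    print(age, check_max_age(age), "max safe days:", max_safe_days())
```

A value that is valid when it is set can still become invalid later as the current date advances, which is why the check reports values inside the margin separately.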