Red Hat Directory Server 8.0 Administrator's Guide
Attribute Name Definition
discourage users from reusing old passwords. For example, setting the minimum password age to 2 days prevents users from repeatedly changing their passwords during a single session to cycle through the password history and reuse an old password once it has been removed from the history list. The minimum age can be from 0 to 2147472000 seconds (24,855 days). A value of zero indicates that the user can change the password immediately. The default value of this attribute is 0.

passwordHistory
This attribute indicates whether the directory stores a password history. When set to on, the directory stores the number of passwords specified in the passwordInHistory attribute in a history. If a user attempts to reuse one of the passwords, the password will be rejected. When this attribute is set to off, any passwords stored in the history remain there. When this attribute is set back to on, users will not be able to reuse the passwords recorded in the history before the attribute was disabled. This attribute is off by default, meaning users can reuse old passwords.

passwordInHistory
This attribute indicates the number of passwords the directory stores in the history. There can be 2 to 24 passwords stored in the history. This feature is not enabled unless the passwordHistory attribute is set to on. This attribute is set to 6 by default.

passwordCheckSyntax
When on, this attribute indicates that the password syntax is checked by the server before the password is saved. Password syntax checking ensures that the password string meets or exceeds the length and complexity requirements and that the string does not contain any trivial words. A trivial word is any value stored in the uid, cn, sn, givenName, ou, or mail attributes of the user's entry. This attribute is off by default.

passwordMinLength
This attribute specifies the minimum number of characters that must be used in passwords.
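
An added example, not taken from the Administrator's Guide: a Python check that audits these attributes against the ranges and defaults given in the table above and flags combinations that weaken reuse protection. The LDIF sample and all function names are constructed for illustration, and the trivial-word check assumes case-insensitive substring matching, which the guide does not specify.

```python
# SAMPLE_LDIF is constructed for this example, not taken from a real server.
SAMPLE_LDIF = """\
dn: cn=config
passwordHistory: on
passwordInHistory: 6
passwordMinAge: 0
passwordCheckSyntax: off
"""

# Defaults and limits as stated in the attribute table above.
DEFAULTS = {"passwordminage": "0", "passwordhistory": "off",
            "passwordinhistory": "6", "passwordchecksyntax": "off"}
MAX_MIN_AGE = 2147472000  # seconds (24,855 days)
TRIVIAL_ATTRS = ("uid", "cn", "sn", "givenName", "ou", "mail")


def parse_policy(ldif):
    """Return the documented defaults overlaid with attributes set in one LDIF entry."""
    policy = dict(DEFAULTS)
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in DEFAULTS:
            policy[name.strip().lower()] = value.strip()
    return policy


def audit_policy(policy):
    """Return findings for out-of-range values and settings that permit reuse."""
    findings = []
    min_age = int(policy["passwordminage"])
    if not 0 <= min_age <= MAX_MIN_AGE:
        findings.append("passwordMinAge outside 0..2147472000 seconds")
    if not 2 <= int(policy["passwordinhistory"]) <= 24:
        findings.append("passwordInHistory outside 2..24")
    if policy["passwordhistory"].lower() != "on":
        findings.append("passwordHistory is off: old passwords can be reused")
    elif min_age == 0:
        findings.append("passwordMinAge is 0: history can be cycled in one session")
    if policy["passwordchecksyntax"].lower() != "on":
        findings.append("passwordCheckSyntax is off: trivial words are not rejected")
    return findings


def trivial_words(password, entry):
    """Trivial-word values found in password (assumed: case-insensitive substring)."""
    pw = password.lower()
    return [v for a in TRIVIAL_ATTRS for v in entry.get(a, []) if v.lower() in pw]
```

Here `entry` maps attribute names to lists of values, as most LDAP client libraries return them.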
Configuring the Password Policy