Red Hat Directory Server 8.0 Administrator's Guide

Attribute Name Definition
- Lowercase letters (a to z)
- Numbers (0 through 9)
- Special ASCII characters, such as $
- ASCII alphabetic characters, regardless of case (a to z and A to Z)
- 8-bit characters
- Repeated characters, such as aaaaaa
This attribute is set to 3 by default.
passwordMinUppers: This attribute sets the minimum number of uppercase alphabetic characters, A to Z, which must be used in the password. By default, this attribute is set to 0, meaning there is no required minimum.
passwordTokenLength: This attribute sets the minimum length for any tokens used with Directory Server. The token length can be from 1 to 64 characters. This attribute is set to 3 by default.
passwordMin8bit: This attribute sets the minimum number of 8-bit characters used in the password. The default number is 0, meaning none are required.
passwordStorageScheme: This attribute specifies the type of encryption used to store Directory Server passwords. The following encryption types are supported by Directory Server:
- SSHA (Salted Secure Hash Algorithm). This method is recommended as it is the most secure. The Directory Server supports SSHA, SSHA-256, SSHA-384, and SSHA-512. SSHA is the default method.
- SHA (Secure Hash Algorithm). A one-way hash algorithm; it is supported only for backwards compatibility with Directory Server 4.x and should not be used otherwise. This includes support for SHA, SHA-256, SHA-384, and SHA-512 algorithms, which protects against some insecurities in the SHA-1 algorithm.
- MD5. MD5 is not as secure as SSHA but is available for legacy applications that require it.
- crypt. The UNIX crypt algorithm, provided for compatibility with UNIX passwords.
- clear. This encryption type indicates that the
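The following added example (not part of the Red Hat guide) shows what the salted schemes listed under passwordStorageScheme store, how a stored value is verified, and how to flag entries kept under an unsalted or cleartext scheme. It assumes the common `{SCHEME}base64(digest + salt)` layout, prefixes written as `{SSHA}`, `{SSHA256}`, `{SSHA384}` and `{SSHA512}`, and an 8-byte salt; the function names, DNs and passwords are constructed for illustration.

```python
import base64, hashlib, hmac, os

# Assumed layout: {SCHEME}base64(digest + salt). Prefix -> (hashlib name, digest bytes).
SALTED = {"SSHA": ("sha1", 20), "SSHA256": ("sha256", 32),
          "SSHA384": ("sha384", 48), "SSHA512": ("sha512", 64)}

def split_scheme(stored):
    """Return (SCHEME, payload); a value without a {scheme} prefix is cleartext."""
    if stored.startswith("{") and "}" in stored:
        scheme, payload = stored[1:].split("}", 1)
        return scheme.upper().replace("-", ""), payload
    return "CLEAR", stored

def make_ssha(password, scheme="SSHA", salt=None):
    """Build a salted value; a fresh random salt is used unless one is given."""
    algo, _ = SALTED[scheme]
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def verify_ssha(password, stored):
    """Recompute the digest using the salt recovered from the stored value."""
    scheme, payload = split_scheme(stored)
    if scheme not in SALTED:
        raise ValueError("not a salted SHA scheme: " + scheme)
    algo, dlen = SALTED[scheme]
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:
        return False  # payload is not valid base64
    digest, salt = raw[:dlen], raw[dlen:]
    if len(digest) != dlen or not salt:
        return False  # truncated value or missing salt
    candidate = hashlib.new(algo, password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def audit(entries):
    """List (dn, scheme) for every value not stored under a salted scheme."""
    return [(dn, split_scheme(v)[0]) for dn, v in entries
            if split_scheme(v)[0] not in SALTED]

# Constructed sample data (not taken from a real directory).
SAMPLE = [
    ("uid=alice,ou=People,dc=example,dc=com", make_ssha("Secret12")),
    ("uid=bob,ou=People,dc=example,dc=com", make_ssha("Secret12", "SSHA512")),
    ("uid=carol,ou=People,dc=example,dc=com", "{SHA}" + base64.b64encode(hashlib.sha1(b"Secret12").digest()).decode()),
    ("uid=dave,ou=People,dc=example,dc=com", "{crypt}CONSTRUCTED-PLACEHOLDER"),
    ("uid=erin,ou=People,dc=example,dc=com", "Secret12"),
]
```

Because the salt is random, two users with the same password get different stored values under the salted schemes, while the unsalted SHA value is identical for every user who chooses that password.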