Red Hat Directory Server 8.0 Administrator's Guide
Attribute Name Definition
password will appear in plain text. The only password storage scheme that can be used with SASL DIGEST-MD5 is CLEAR. Passwords stored using crypt, SHA, or SSHA formats cannot be used for secure login through SASL DIGEST-MD5. To provide a customized storage scheme, consult Red Hat professional services.
Table 7.1. Password Policy Attributes
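Why DIGEST-MD5 works only with the CLEAR scheme, shown as an added example that is not part of the Red Hat guide: the server must rebuild the RFC 2831 response from the password itself, which a one-way SSHA value cannot supply, while a simple bind can still be checked against the hash. The client fields are the sample exchange from RFC 2831 section 4; the function names and the stored `{SCHEME}value` strings are constructed for illustration.

```python
import base64
import hashlib
import hmac

def md5(data):
    return hashlib.md5(data).digest()

def digest_md5_response(user, realm, password, nonce, cnonce, nc, qop, uri):
    """RFC 2831 response for qop=auth: built from the password itself."""
    a1 = md5(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{uri}".encode()
    kd = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{md5(a2).hex()}"
    return md5(kd.encode()).hex()

def split_scheme(stored):
    scheme, _, value = stored[1:].partition("}")  # '{SCHEME}value'
    return scheme.upper(), value

def make_ssha(password, salt):
    """Salted SHA-1 value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_simple_bind(stored, presented):
    """Simple bind: the client sends the password, so a hash can be rechecked."""
    scheme, value = split_scheme(stored)
    if scheme == "CLEAR":
        return hmac.compare_digest(value.encode(), presented.encode())
    if scheme != "SSHA":
        raise ValueError(f"scheme {scheme} not handled in this example")
    raw = base64.b64decode(value)  # 20-byte SHA-1 digest followed by the salt
    recomputed = hashlib.sha1(presented.encode() + raw[20:]).digest()
    return hmac.compare_digest(raw[:20], recomputed)

def verify_digest_md5(stored, fields):
    """DIGEST-MD5: the client sends only `response`; the server must rebuild it."""
    scheme, value = split_scheme(stored)
    if scheme != "CLEAR":
        raise ValueError(f"{scheme} is one-way: MD5(user:realm:password) is not derivable")
    expected = digest_md5_response(fields["username"], fields["realm"], value, fields["nonce"],
                                   fields["cnonce"], fields["nc"], fields["qop"], fields["digest-uri"])
    return hmac.compare_digest(expected, fields["response"])

# Client fields from the sample exchange in RFC 2831 section 4 (password "secret").
RFC_FIELDS = {"username": "chris", "realm": "elwood.innosoft.com",
              "nonce": "OA6MG9tEQGm2hh", "cnonce": "OA6MHXh6VqTrRk",
              "nc": "00000001", "qop": "auth",
              "digest-uri": "imap/elwood.innosoft.com",
              "response": "d388dad90d4bbd760a152321f2143af7"}
```

With a CLEAR value the server reproduces the client's response; with an SSHA value the same account still passes a simple bind but `verify_digest_md5` has nothing to compute from.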
1.1.4. Configuring Subtree/User Password Policy Using the Command-Line
To configure a subtree or user level password policy, do the following:
1. Add the required attributes to the subtree or user entries by running the ns-newpwpolicy.pl script.
The command syntax for the script is as follows:
ns-newpwpolicy.pl [-D rootDN] { -w password | -w - | -j filename } [-p port] [-h host] -U userDN -S suffixDN
For updating a subtree entry, use the -S option. For updating a user entry, use the -U option.
The ns-newpwpolicy.pl script accepts only one user or subtree entry at a time. It can,
however, accept both user and suffix entries at the same time. For details about the script,
see the Directory Server Configuration, Command, and File Reference.
2. The script adds the required attributes depending on whether the target entry is a subtree or
user entry.
For a subtree (for example, ou=people, dc=example, dc=com), the following entries are
added:
• A container entry (nsPwPolicyContainer) at the subtree level for holding various password
policy-related entries for the subtree and all its children. For example:
dn: cn=nsPwPolicyContainer,ou=people,dc=example,dc=com
objectClass: top
objectClass: nsContainer
cn: nsPwPolicyContainer
Chapter 7. Managing User Accounts and Passwords