Red Hat Directory Server 8.0 Configuration, Command, and File Reference
For more information on password policies, see the "Managing Users and Passwords" chapter
in the Directory Server Administrator's Guide.
Parameter Description
Entry DN cn=config
Valid Values on | off
Default Value off
Syntax DirectoryString
Example passwordCheckSyntax off
3.1.101. passwordExp (Password Expiration)
Indicates whether user passwords expire after a given number of seconds. By default, user
passwords do not expire. Once password expiration is enabled, set the number of seconds after
which the password expires using the passwordMaxAge attribute.
For more information on password policies, see the "Managing Users and Passwords" chapter
in the Directory Server Administrator's Guide.
Parameter Description
Entry DN cn=config
Valid Values on | off
Default Value off
Syntax DirectoryString
Example passwordExp: on
3.1.102. passwordGraceLimit (Password Expiration)
This attribute is only applicable if password expiration is enabled. After the user's password has
expired, the server allows the user to connect for the purpose of changing the password. This is
called a grace login. The server allows only a certain number of attempts before completely
locking out the user. This attribute is the number of grace logins allowed. A value of 0 means
the server does not allow grace logins.
Parameter Description
Entry DN cn=config
Valid Values 0 (off) to any reasonable integer
Default Value 0
Syntax Integer
Example passwordGraceLimit: 3
cn=config
63