beautypg.com

Passwordallowchangetime, Passwordchange (password change), Passwordchecksyntax (check password syntax) – Red Hat 8.1 User Manual

Page 49: Passwordexp (password expiration)

background image

Syntax

DirectoryString

Example

nsSSLclientauth: allowed

2.3.1.111. passwordAllowChangeTime

This attribute specifies the length of time that must pass before the user is allowed to change his
password.

For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.

Parameter

Description

Entry DN

cn=config

Valid Values

Any integer

Default Value
Syntax

DirectoryString

Example

passwordAllowChangeTime: 5h

2.3.1.112. passwordChange (Password Change)

Indicates whether users may change their passwords.

This can be abbreviated to pwdAllowUserChange.

For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.

Parameter

Description

Entry DN

cn=config

Valid Values

on | off

Default Value

on

Syntax

DirectoryString

Example

passwordChange: on

2.3.1.113. passwordCheckSyntax (Check Password Syntax)

This attribute sets whether the password syntax is checked before the password is saved. The
password syntax checking mechanism checks that the password meets or exceeds the password
minimum length requirement and that the string does not contain any trivial words, such as the user's
name or user ID or any attribute value stored in the uid, cn, sn, givenname, ou, or mail attributes of the
user's directory entry.

Password syntax includes several different categories for checking:

Minimum number of digit characters (0-9)
Minimum number of ASCII alphabetic characters, both upper- and lower-case
Minimum number of uppercase ASCII alphabetic characters
Minimum number of lowercase ASCII alphabetic characters
Minimum number of special ASCII characters, such as !@#$
Minimum number of 8-bit characters
Maximum number of times that the same character can be immediately repeated, such as aaabbb
Minimum number of character categories required per password; a category can be upper- or lower-
case letters, special characters, digits, or 8-bit characters

This can be abbreviated to pwdCheckSyntax.

For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.

Parameter

Description

Entry DN

cn=config

Valid Values

on | off

Default Value

off

Syntax

DirectoryString

Example

passwordCheckSyntax off

2.3.1.114 . passwordExp (Password Expiration)

Indicates whether user passwords expire after a given number of seconds. By default, user passwords
do not expire. Once password expiration is enabled, set the number of seconds after which the

Red Hat Directory Server 8.1 Configuration and Command Reference

4 9