beautypg.com

Passwordkeephistory, Passwordlockout (account lockout) – Red Hat 8.1 User Manual

Page 51

background image

stored passwords. Set the number of old passwords the Directory Server stores using the
passwordInHistory attribute.

For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.

Parameter

Description

Entry DN

cn=config

Valid Values

on | off

Default Value

off

Syntax

DirectoryString

Example

passwordHistory: on

2.3.1.120. passwordInHistory (Number of Passwords to Remember)

Indicates the number of passwords the Directory Server stores in history. Passwords that are stored in
history cannot be reused by users. By default, the password history feature is disabled, meaning that
the Directory Server does not store any old passwords, and so users can reuse passwords. Enable
password history using the passwordHistory attribute.

To prevent users from rapidly cycling through the number of passwords that are tracked, use the
passwordMinAge attribute.

This can be abbreviated to pwdInHistory.

For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.

Parameter

Description

Entry DN

cn=config

Valid Range

2 to 24 passwords

Default Value

6

Syntax

Integer

Example

passwordInHistory: 7

2.3.1.121. passwordIsGlobalPolicy (Password Policy and Replication)

This attribute controls whether password policy attributes are replicated.

Parameter

Description

Entry DN

cn=config

Valid Values

on | off

Default Value

off

Syntax

DirectoryString

Example

passwordIsGlobalPolicy: off

2.3.1.122. passwordKeepHistory

This attribute sets whether a password history is maintained for users.

Parameter

Description

Entry DN

cn=config

Valid Values

0 (no history) or 1 (keep history)

Default Value

0

Syntax

DirectoryString

Example

passwordKeepHistory: 1

2.3.1.123. passwordLockout (Account Lockout)

Indicates whether users are locked out of the directory after a given number of failed bind attempts. By
default, users are not locked out of the directory after a series of failed bind attempts. If account lockout
is enabled, set the number of failed bind attempts after which the user is locked out using the
passwordMaxFailure attribute.

This can be abbreviated to pwdLockOut.

For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.

Parameter

Description

Red Hat Directory Server 8.1 Configuration and Command Reference

51