Kerberos Server Version 3.12 Administrator's Guide: HP-UX 11i v3 > Chapter 8 Administering the Kerberos Server

Password Policy File


The password policy file controls password rules, such as password length, number of character types, and the lifetime of a password. The password.policy file is located in the /opt/krb5 directory on each of the primary and secondary security servers.

Editing the Default File

To edit the password policy file and configure it to match the requirements of your organization, use a text editor on the primary security server. You must have the appropriate read-write permissions to access the password policy file.

The default password policy file is designed around the following instances or policy groups:

  • Principals that do not have an instance

  • Principals with an admin instance

  • Principals with a root instance

  • The base group named *, which consists of all the other principals

You can also add more policy groups to identify specific instances in your enterprise.

Table 8-3 “Default Password Policy Settings for the Base Group” explains the password policy settings and the defaults for the base group and the * instance group in the password policy file.

Table 8-3 Default Password Policy Settings for the Base Group

Password Policy Setting    Default Value
*.MaxRepeatChars           3
*.MaxRepeatClassics        4
*.MaximumMatch             4
*.MinimumLength            6
*.MinimumClasses           2
*.Expiration               None
*.MinimumAge               None
*.NotifyTime               7d
*.Dictionaries             None
*.MaxFailAuthCnt           10
*.NoReqChangePwd           0
*.MaximumHistory           1

If you modify the MaxFailAuthCnt parameter, you must copy the password policy file to the secondary security server and restart kdcd on both the primary and secondary security servers.

NOTE: MaxFailAuthCnt is the only parameter that the secondary security servers read in the password policy file.

If you edit the password policy file on the primary security server, the file must be copied to each secondary security server, so that all the servers have an updated version of this file.

For more information on the password policy file, type man 4 password.policy at the HP-UX prompt.
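The following is an added example, not part of the HP guide: a small check that lists base-group settings changed from the Table 8-3 defaults and reports whether a secondary server's copy still agrees with the primary on MaxFailAuthCnt, the one value secondaries read. The "group.Setting = value" line syntax, the "#" comment marker, the "admin" group label and the sample file contents are assumptions made for illustration; confirm the real grammar with man 4 password.policy.

```python
import re

# Base-group (*) defaults copied from Table 8-3 on this page.
TABLE_8_3 = {
    "MaxRepeatChars": "3", "MaxRepeatClassics": "4", "MaximumMatch": "4",
    "MinimumLength": "6", "MinimumClasses": "2", "Expiration": "None",
    "MinimumAge": "None", "NotifyTime": "7d", "Dictionaries": "None",
    "MaxFailAuthCnt": "10", "NoReqChangePwd": "0", "MaximumHistory": "1",
}

# ASSUMPTION: one "group.Setting = value" entry per line, "#" starts a comment.
# Confirm against `man 4 password.policy` before using this on a real file.
ENTRY = re.compile(r"^(\S+)\.(\w+)\s*=\s*(\S+)$")

def parse_policy(text):
    """Return {(group, setting): value} for every entry found in the text."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = ENTRY.match(line)
        if m:
            entries[(m.group(1), m.group(2))] = m.group(3)
    return entries

def base_group_changes(entries):
    """List (setting, default, configured) where the * group differs from Table 8-3."""
    return sorted(
        (s, TABLE_8_3.get(s, "not in Table 8-3"), v)
        for (g, s), v in entries.items()
        if g == "*" and TABLE_8_3.get(s) != v
    )

def max_fail_auth_cnt(entries):
    """Per-group MaxFailAuthCnt values, the only setting a secondary reads."""
    return {g: v for (g, s), v in entries.items() if s == "MaxFailAuthCnt"}

def secondary_in_sync(primary_text, secondary_text):
    """True when both copies configure the same MaxFailAuthCnt values."""
    return max_fail_auth_cnt(parse_policy(primary_text)) == max_fail_auth_cnt(parse_policy(secondary_text))

# Constructed sample files (hypothetical contents, not real configuration).
PRIMARY = "# edited on primary\n*.MinimumLength = 8\n*.MaxFailAuthCnt = 5\nadmin.MinimumLength = 12\n"
SECONDARY = "*.MinimumLength = 6\n*.MaxFailAuthCnt = 10\n"

if __name__ == "__main__":
    for setting, default, configured in base_group_changes(parse_policy(PRIMARY)):
        print(f"*.{setting}: default {default}, configured {configured}")
    print("secondary in sync:", secondary_in_sync(PRIMARY, SECONDARY))
```

A False result from secondary_in_sync means the edited file still has to be copied to that secondary and kdcd restarted, as described above.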

© 2007 Hewlett-Packard Development Company, L.P.