Installing, Configuring and Administering the Kerberos Server on HP-UX 11i: HP 9000 Networking > Chapter 4 Administration

Policies


A policy is a set of rules governing passwords. Policies can dictate minimum and maximum password lifetimes, minimum number of characters and character classes a password must contain, and the number of old passwords kept in the database.

Adding Policies

To add a new policy, use the kadmin.local add_policy command, which requires the "add" administrative privilege in the acl file. The general syntax is:

add_policy [options] policy_name

kadmin.local: addpol -minlength 8 -minclasses 2 default

In the above example, a policy named "default" is added with a minimum password length of eight characters and a minimum of two character classes.

If a default policy has been created and no policy is specified when adding principals, this default policy is applied to those principals.

The add_policy command has the alias addpol.

Modifying Policies

To modify attributes of a policy, use the kadmin.local modify_policy command, which requires the "modify" administrative privilege. The general syntax is:

modify_policy [options] policy_name

kadmin.local: modify_policy -minclasses 3 -minlength 5 default

In the above example, the policy "default" is modified so that the minimum password length is five characters and the minimum number of password character classes is three. This is shorter than the eight-character minimum set when the policy was added.

The modify_policy command has the alias modpol.

Retrieving Policies

To retrieve a policy, use the kadmin.local get_policy command, which requires the "inquire" administrative privilege. The general syntax is:

get_policy [-terse] policy

The get_policy command has the alias getpol. For example:

kadmin.local: get_policy admin
Policy: admin
Maximum password life: 180 days 00:00:00
Minimum password life: 00:00:00
Minimum password length: 6
Minimum number of password character classes: 2
Number of old keys kept: 5
Reference count: 17
kadmin.local:

The reference count is the number of principals that are using that policy.

The get_policy command has a -terse option, which lists each field as a quoted, tab-separated string. For example:

kadmin.local: get_policy -terse admin
admin 15552000 0 6 7 3 18
kadmin.local:
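
The terse form is the one to feed to scripts. The following shell function is an added example, not part of the HP documentation: it audits one line of get_policy -terse output against a site baseline. The field order (name, maximum life in seconds, minimum life, minimum length, character classes, old keys kept, reference count), the meaning of 0 as "no maximum life", and the baseline values are assumptions inferred from the two examples above.

```shell
#!/bin/sh
# Added example: check one `get_policy -terse` line against a baseline.
# Assumed field order, inferred from the verbose/terse examples on the page:
#   name  max_life_s  min_life_s  min_length  min_classes  history  refcount
# Policy names are assumed to contain no whitespace.

# Constructed baseline values; adjust to the site's password standard.
BASE_MINLEN=8
BASE_MINCLASSES=2
BASE_HISTORY=3
BASE_MAXLIFE_DAYS=180

# Returns 0 if the policy meets the baseline, 1 if it is weaker,
# 2 if the line cannot be parsed.
audit_policy_line() {
    # Fields may be quoted and tab- or space-separated; strip the quotes.
    printf '%s\n' "$1" | tr -d '"' | awk \
        -v minlen="$BASE_MINLEN" -v mincls="$BASE_MINCLASSES" \
        -v hist="$BASE_HISTORY" -v maxdays="$BASE_MAXLIFE_DAYS" '
    NF != 7 { print "ERROR: expected 7 fields, got " NF; exit 2 }
    {
        for (i = 2; i <= 7; i++)
            if ($i !~ /^[0-9]+$/) {
                print "ERROR: field " i " is not numeric"; exit 2
            }
        bad = 0
        # Assumption: a maximum life of 0 means passwords never expire.
        if ($2 == 0 || $2 > maxdays * 86400) {
            print $1 ": maximum life unlimited or over " maxdays " days"; bad = 1
        }
        if ($4 < minlen) {
            print $1 ": minimum length " $4 " is below " minlen; bad = 1
        }
        if ($5 < mincls) {
            print $1 ": character classes " $5 " is below " mincls; bad = 1
        }
        if ($6 < hist) {
            print $1 ": old keys kept " $6 " is below " hist; bad = 1
        }
        if ($7 == 0)
            print $1 ": note: no principals reference this policy"
        exit bad
    }'
}

# Demo on the terse line shown above (minimum length 6 fails the baseline of 8).
audit_policy_line 'admin 15552000 0 6 7 3 18' || echo "policy below baseline"
```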

Retrieving the List of Policies

You can retrieve a list of policies with the kadmin.local list_policies command, which requires the "list" privilege.

The general syntax is:

list_policies [expression]

where expression is a shell-style glob expression that can contain the wildcard character '*'. All policy names matching the expression are displayed.

The list_policies command has the alias listpols. For example:

kadmin.local: listpols
test-pol
dict-only
once-a-min
test-pol-nopw

kadmin.local: listpols t*
test-pol
test-pol-nopw
kadmin.local:

Deleting Policies

To delete a policy, use the kadmin.local delete_policy command, which requires the "delete" administrative privilege. The general syntax is:

delete_policy policy_name

The delete_policy command has the alias delpol. It prompts for a confirmation before deletion.

For example:

kadmin.local: delete_policy guests
Are you sure you want to delete the policy "guests"?
(yes/no): yes
Policy "guests" deleted.
kadmin.local:

NOTE: You must remove the policy from all principals that use it before deleting it. The delete_policy command fails if the policy is in use by any principal.
© 2001 Hewlett-Packard Development Company, L.P.