This file controls password rules such as password length,
number of character types, and the lifetime of a password. The file, password.policy, is located on each of the primary and secondary security
servers. This file can be located at:
Editing the Default File
To edit the password policy file and configure it to match
your organization's requirements, use a text editor on
the primary security server. You must have the appropriate read-write permissions
to access the password policy file.
The default password policy file is designed around four
instances, or policy groups:
- principals who do not have an instance
- principals with an admin instance
- principals with a root instance
- the base group named * that consists of all the other principals
You can also add more policy groups to identify specific instances
in your enterprise.
Password policy settings and the defaults for the base group,
the * instance group, in the password policy file are listed
below:
Table 6-2 Default Password Policy Settings for the base group

| Password Policy setting | Default |
|---|---|
| *.MaxRepeatChars | 3 |
| *.MaxRepeatClasses | 4 |
| *.MaximumMatch | 4 |
| *.MinimumLength | 6 |
| *.MinimumClasses | 2 |
| *.Expiration | None |
| *.MinimumAge | None |
| *.NotifyTime | 7d |
| *.Dictionaries | None |
| *.MaxFailAuthCnt | 10 |
| *.NoReqChangePwd | 0 |
| *.MaximumHistory | 1 |
If you modify the MaxFailAuthCnt parameter, you must copy the password policy file to
the secondary security server and then restart kdcd on both the secondary and primary security servers.

NOTE: MaxFailAuthCnt is the only parameter that the secondary servers read in
the password policy file.

If you edit the password policy file on the primary server,
the file must be copied to each secondary server, so that all the
servers have an updated version of this file.
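
As an added example (not part of the original document or the product), the following shell functions compare the primary's password policy file with a copy fetched from a secondary and report whether the file must be copied and whether kdcd must also be restarted. The function names are hypothetical, and the one-setting-per-line layout (name, then whitespace or =, then value) is an assumption; check it against password.policy(4).

```shell
#!/bin/sh
# Added example: decide what a secondary security server needs after the
# primary's password.policy has been edited.
# Assumption (not stated on the page): each setting is on its own line as
# "<group>.<Name>", followed by whitespace and/or "=", followed by the value.

# Print every "<group>.MaxFailAuthCnt <value>" pair found in FILE, normalized
# to single-space form and sorted, so two files can be compared for this
# parameter across all policy groups.
fail_cnt_settings() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # ignore leading indentation
            n = split(line, f, /[ \t=]+/)       # name, value, anything else
            if (n >= 2 && f[1] ~ /\.MaxFailAuthCnt$/) print f[1], f[2]
        }
    ' "$1" | LC_ALL=C sort
}

# Print the action required for SECONDARY_COPY given PRIMARY_FILE:
#   in-sync            files are byte-identical, nothing to do
#   copy               files differ, MaxFailAuthCnt unchanged: copy the file
#   copy+restart-kdcd  MaxFailAuthCnt differs: copy the file, then restart
#                      kdcd on both the secondary and the primary
sync_action() {
    if cmp -s "$1" "$2"; then
        echo in-sync
    elif [ "$(fail_cnt_settings "$1")" = "$(fail_cnt_settings "$2")" ]; then
        echo copy
    else
        echo copy+restart-kdcd
    fi
}

# Usage: sh thisfile PRIMARY_FILE SECONDARY_COPY
if [ $# -eq 2 ]; then
    sync_action "$1" "$2"
fi
```

Run it once per secondary security server, against a copy of that server's file.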
For more information on the password policy file, refer to the password.policy(4)
manpage.