|Skip Navigation Links|
|Exit Print View|
|Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (18.104.22.168.0)|
When a user connects to Directory Server, the user is authenticated. The directory can grant access rights and resource limits to the user depending on the identity established during authentication. An account in this chapter refers loosely to a user entry. The account also reflects the permissions for the user to perform operations on the directory. In this discussion of password policy, every account is associated with a user entry, and a password.
This chapter also addresses account activation, an aspect of password policy. The Directory Administrator can directly lock and unlock accounts, independently of password policy.
This chapter does not cover authentication methods. Some authentication methods, such as SASL GSSAPI and client SSL certificate-based authentication, do not involve the use of passwords. The information about password policy in this chapter does not apply to such authentication methods. See Chapter 5, Directory Server Security for instructions on configuring authentication mechanisms.
This chapter also does not cover the compatibility of password policies between Directory Server 11g Release 1 (22.214.171.124.0) and previous Directory Server versions. When you create a Directory Server 11g Release 1 (126.96.36.199.0) instance, the password policy implementation defaults to a Directory Server 5 compatible mode to facilitate upgrading from earlier versions. To take full advantage of the password policy features described in this chapter, you will need to change the password policy compatibility mode.
Caution - The DS5–compatibility-mode password policy is deprecated. You must switch to DS6–mode password policy in this version.
For more information about setting the password compatibility mode, see Password Policy Compatibility.
This chapter covers the following topics: