Sun Java System Directory Server Enterprise Edition 6.3 Deployment Planning Guide

Designing Password Policies

A password policy is a set of rules that govern how passwords are administered in a system. Directory Server supports multiple password policies, as well as a default password policy.

Several elements of the password policy are configurable, enabling you to design a policy that suits the security requirements of your organization. Configuration of the password policy is described in Chapter 8, Directory Server Password Policy, in Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide. The individual attributes available for configuring password policies are described in the pwpolicy(5dssd) man page.

This section is divided into the following topics:

Password Policy Options

The following password policy options are provided:

Password Policies in a Replicated Environment

Configuration information for the default password policy is not replicated. Instead, it is part of the server instance configuration. If you modify the default password policy, the same modifications must be made on each server in the topology. If you need a password policy that is replicated, you must define a specialized password policy under a part of the directory tree that is replicated.

All password information that is stored in the user entry is replicated. This information includes the current password, password history, password expiration dates and so forth.

Consider the following impact of password policies in a replicated environment:

Password Policy Migration

The Directory Server Enterprise Edition password policy configuration settings differ from the password policy configuration settings provided with the 5.x version of Directory Server. If your topology includes servers that run different versions of Directory Server, see New Password Policy in Sun Java System Directory Server Enterprise Edition 6.3 Migration Guide for information about how to migrate password policy settings.