test

Sun Directory Server Enterprise Edition 7.0 Administration Guide

Worksheet for Defining Password Policy

This worksheet is designed to help you define a password policy to implement either through the command-line interface or using Directory Service Control Center (DSCC). Use one worksheet for each password policy.

After you record the DN of the password policy entry, record your decisions about settings for attributes in each policy area. Also record your rationale for those settings.

Password Policy Worksheet 

Password Policy Entry Distinguished Name 

dn: cn=

Policy Area 

Attribute 

Write Your Settings Here 

Write Your Rationale for Settings Here 

Account Lockout 

pwdFailureCountInterval(5dsat)

   

pwdIsLockoutPrioritized(5dsat)

           

           

pwdLockout(5dsat)

           

           

pwdLockoutDuration(5dsat)

           

           

pwdMaxFailure(5dsat)

           

           

Password Changes 

passwordRootdnMayBypassModsChecks(5dsat)

           

           

pwdAllowUserChange(5dsat)

           

           

pwdInHistory(5dsat)

           

           

pwdMinAge(5dsat)

           

           

pwdMustChange(5dsat)

           

           

pwdSafeModify(5dsat)

           

           

Password Content 

passwordStorageScheme(5dsat)

           

           

pwdCheckQuality(5dsat)

           

           

pwdMinLength(5dsat)

   

Password Expiration 

pwdExpireWarning(5dsat)

           

           

pwdGraceAuthNLimit(5dsat)

           

           

pwdMaxAge(5dsat)

           

           

Tracking Last Authentication Time 

pwdKeepLastAuthTime(5dsat)

           

           

Note –

When the pwdCheckQuality attribute is set to 2, the server can perform additional checks. When the Password Check plug-in is also enabled, settings for the plug-in affect what checks are performed the on values of new passwords.