Sun Java System Directory Server Enterprise Edition 6.0 Evaluation Guide

Forced Password Change After Reset

This new feature of Directory Server enables administrators to force regular system users to change their passwords after a password reset.

This feature is enabled by the pwd-must-change-enabled property. This property specifies whether a user must change the password when he first binds or after the password has been set or reset. The feature is disabled by default.

You can enable this feature by selecting the Password Reset checkbox in the DSCC as illustrated in the following figure.

Illustrates the Password change section of the Password
Policies tab in the DSCC.

To view the current policy for requiring password change after password reset, use the following command:

# dsconf get-server-prop -p 20390 pwd-must-change-enabled
pwd-must-change-enabled  :  off

Enable the policy that requires changing the password after a reset as follows:

# dsconf set-server-prop  -p 20390 pwd-must-change-enabled:on

See Chapter 7, Directory Server Password Policy, in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide for instructions on configuring password policy using command-line tools. For instructions on using the Directory Service Control Center to configure password policy, open the DSCC online help.