Chapter 7. Managing User Accounts and Passwords
When a user connects to the Red Hat Directory Server, first the user is authenticated. Then, the
directory grants access rights and resource limits to the user depending upon the identity established
during authentication.
This chapter describes tasks for managing users, including configuring the password and account
lockout policy for the directory, denying groups of users access to the directory, and limiting system
resources available to users depending upon their bind DNs.
7.1. Managing the Password Policy
A password policy minimizes the risks of using passwords by enforcing the following:
• Users must change their passwords according to a schedule.
• Users must provide non-trivial passwords.
• The password syntax must meet certain complexity requirements.
After establishing a password policy, which can be for the entire directory or for specific subtrees
or users, user passwords can be protected from potential threats by configuring an account lockout
policy. Account lockout protects against hackers who try to break into the directory by repeatedly
guessing a user's password.
This section provides information about configuring password and account lockout policies:
• Section 7.1.1, “Configuring the Password Policy”
• Section 7.1.2, “Setting User Passwords”
• Section 7.1.3, “Password Change Extended Operation”
• Section 7.1.4, “Configuring the Account Lockout Policy”
• Section 7.1.5, “Managing the Password Policy in a Replicated Environment”
• Section 7.1.6, “Synchronizing Passwords”
7.1.1. Configuring the Password Policy
Directory Server supports fine-grained password policy, so password policies can be applied to the
entire directory (global password policy), a particular subtree (subtree level or local password
policy), or a particular user (user level or local password policy).
Essentially, the password policy is comprised of the following information:
• The type or level of password policy checks. This information indicates whether the server should
check for and enforce a global password policy or local (subtree/user level) password policies.
• Password add and modify information. The password information includes password syntax and
password history details.
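The two kinds of information listed above correspond to attributes on the cn=config entry. The LDIF below is an added illustration, not text from this guide: it is written as ldapmodify input that turns on checking of local (subtree/user level) policies and sets global syntax and history checks. The numeric values are constructed sample values.

```ldif
# Added example with constructed sample values; adjust to the site's policy.
# Apply with ldapmodify while bound as a user allowed to modify cn=config.
#
# nsslapd-pwpolicy-local  on  = also check subtree and user level policies
#                         off = enforce the global password policy only
# passwordCheckSyntax     on  = reject passwords that fail the syntax checks
# passwordMinLength       minimum number of characters (sample value: 8)
# passwordHistory         on  = remember previously used passwords
# passwordInHistory       number of old passwords remembered (sample value: 6)
dn: cn=config
changetype: modify
replace: nsslapd-pwpolicy-local
nsslapd-pwpolicy-local: on
-
replace: passwordCheckSyntax
passwordCheckSyntax: on
-
replace: passwordMinLength
passwordMinLength: 8
-
replace: passwordHistory
passwordHistory: on
-
replace: passwordInHistory
passwordInHistory: 6
```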