Chapter 2. Core Server Configuration Reference
2.3.1.141. passwordRetryCount
This attribute counts the number of consecutive failed attempts at entering the correct password.
This is an operational attribute, meaning its value is managed by the server and the attribute is not
returned in default searches.
Parameter        Description
Entry DN         cn=config
Valid Range      0 to the maximum 32 bit integer value (2147483647)
Default Value    0
Syntax           Integer
Example          passwordRetryCount: 3
2.3.1.142. passwordStorageScheme (Password Storage Scheme)
This attribute sets the type of encryption used to store Directory Server passwords.
The following encryption types are supported by the Directory Server:
• CLEAR means the password is stored in cleartext, with no hashing or encryption. This scheme must
be used in order to use SASL DIGEST-MD5.
• SSHA (Salted Secure Hash Algorithm), the default, is the recommended method because it is the
most secure. There are several bit sizes available: 140 bits (the default), 256, 384, and 512.
• SHA (Secure Hash Algorithm) is included only for backward compatibility with 4.x Directory Servers;
do not use this algorithm.
• MD5 (Message Digest algorithm 5) is a commonly used standard hashing algorithm.
• CRYPT, the UNIX crypt algorithm, is provided for compatibility with UNIX passwords.
NOTE
Passwords cannot be encrypted using the NS-MTA-MD5 password storage scheme. The
storage scheme is still present but only for reasons of backward compatibility.
For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.
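An added example, not taken from the Directory Server documentation: a small audit helper that reads stored userPassword values, verifies the salted SHA family, and reports entries still using any scheme other than the recommended SSHA family. It assumes values carry a {SCHEME} label, that the larger sizes are labelled SSHA256, SSHA384 and SSHA512, and that an unlabelled value is cleartext; the entries are constructed samples.

```python
import base64
import hashlib
import hmac
import re

# Salted schemes and their digests. The {SCHEME}value labelling and the
# SSHA256/384/512 names are assumptions, not stated on this page.
SALTED = {"SSHA": "sha1", "SSHA256": "sha256", "SSHA384": "sha384", "SSHA512": "sha512"}
# Every scheme the page lists other than the recommended SSHA family.
FLAGGED = {"CLEAR", "SHA", "MD5", "CRYPT", "NS-MTA-MD5"}

def split_scheme(stored):
    """Return (SCHEME, payload); a value with no {label} is treated as CLEAR."""
    m = re.match(r"^\{([A-Za-z0-9-]+)\}(.*)$", stored, re.S)
    return (m.group(1).upper(), m.group(2)) if m else ("CLEAR", stored)

def make_salted(password, salt, scheme="SSHA"):
    """Build {SCHEME}base64(digest(password + salt) + salt)."""
    digest = hashlib.new(SALTED[scheme], password + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def verify_salted(password, stored):
    """Check a candidate password against a stored salted-hash value."""
    scheme, payload = split_scheme(stored)
    if scheme not in SALTED:
        raise ValueError("not a salted SHA scheme: " + scheme)
    raw = base64.b64decode(payload)
    size = hashlib.new(SALTED[scheme]).digest_size
    digest, salt = raw[:size], raw[size:]  # the salt is whatever follows the digest
    candidate = hashlib.new(SALTED[scheme], password + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

def audit(entries):
    """Return sorted (dn, scheme) pairs whose stored scheme should be migrated."""
    return sorted((dn, split_scheme(v)[0]) for dn, v in entries.items()
                  if split_scheme(v)[0] in FLAGGED)

# Constructed sample values, not taken from any real directory.
SAMPLE = {
    "uid=alice,ou=People,dc=example,dc=com": make_salted(b"correct horse", b"\x01\x02\x03\x04\x05\x06\x07\x08"),
    "uid=bob,ou=People,dc=example,dc=com": "{SHA}" + base64.b64encode(hashlib.sha1(b"hunter2").digest()).decode(),
    "uid=carol,ou=People,dc=example,dc=com": "{clear}letmein",
}

if __name__ == "__main__":
    for dn, scheme in audit(SAMPLE):
        print("migrate:", dn, scheme)
```

Changing passwordStorageScheme affects only passwords set afterwards, so entries reported by an audit like this keep their old scheme until the password is next changed.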
2.3.1.143. passwordUnlock (Unlock Account)
Indicates whether users are locked out of the directory for a specified amount of time or until the
administrator resets the password after an account lockout. The account lockout feature protects
against hackers who try to break into the directory by repeatedly trying to guess a user's password. If
this passwordUnlock attribute is set to off and the operational attribute accountUnlockTime has
a value of 0, then the account is locked indefinitely.
For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.