Chapter 7. Managing User Accounts and Passwords
7.1.4.2. Configuring the Account Lockout Policy Using the Command-Line
This section describes the attributes used to create an account lockout policy to protect the passwords stored in the server. Use ldapmodify to change these attributes in the cn=config entry. Table 7.3, “Account Lockout Policy Attributes” describes the attributes available to configure the account lockout policy.
| Attribute Name | Definition |
| --- | --- |
| passwordLockout | This attribute indicates whether users are locked out of the directory after a given number of failed bind attempts. Set the number of failed bind attempts after which the user will be locked out using the passwordMaxFailure attribute. Users can be locked out for a specific time or until an administrator resets the password. This attribute is set to off by default, meaning that users will not be locked out of the directory. |
| passwordMaxFailure | This attribute indicates the number of failed bind attempts after which a user will be locked out of the directory. This attribute takes effect only if the passwordLockout attribute is set to on. This attribute is set to 3 bind failures by default. |
| passwordUnlock | This attribute sets whether a user can log back into the server without administrator intervention. The default is for this attribute to be on, meaning that the user can log back into the server after a certain lockout period has passed. If this attribute is turned off, then the user cannot log back in using that account until it is manually unlocked by an administrator. |
| passwordLockoutDuration | This attribute indicates the time, in seconds, that users will be locked out of the directory. The passwordUnlock attribute specifies if a user is locked out until the password is reset by an administrator (which means that the user is locked out indefinitely). If the passwordUnlock attribute is set to on, then the user can log in again as soon as the lockout duration time is reached. By default, the user is locked out for 3600 seconds. |
| passwordResetFailureCount | This attribute specifies the time, in seconds, after which the password failure counter will be reset. Each time an invalid password is sent from the user's account, the password failure counter is incremented. If the passwordLockout attribute is set to on, users will be locked out of the directory when the counter reaches |
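
As an added example (not part of the original guide), the shell function below builds the LDIF that ldapmodify would apply to cn=config for the five attributes in Table 7.3. The value checks, the 600-second reset value and the host name in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit an LDIF that sets the Table 7.3 lockout attributes on
# cn=config. Values are checked locally first (this example's own sanity rules).

is_onoff() { [ "$1" = on ] || [ "$1" = off ]; }

# Positive decimal integer: digits only, no leading zero.
is_posint() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# lockout_ldif LOCKOUT MAXFAILURE UNLOCK DURATION_SECS RESET_SECS
lockout_ldif() {
    is_onoff "$1"  || { echo "passwordLockout must be on or off" >&2; return 1; }
    is_posint "$2" || { echo "passwordMaxFailure must be a positive integer" >&2; return 1; }
    is_onoff "$3"  || { echo "passwordUnlock must be on or off" >&2; return 1; }
    is_posint "$4" || { echo "passwordLockoutDuration must be seconds > 0" >&2; return 1; }
    is_posint "$5" || { echo "passwordResetFailureCount must be seconds > 0" >&2; return 1; }
    # Per the table: with passwordUnlock off, only an administrator can unlock.
    if [ "$1" = on ] && [ "$3" = off ]; then
        echo "note: locked accounts will need a manual unlock by an administrator" >&2
    fi
    cat <<EOF
dn: cn=config
changetype: modify
replace: passwordLockout
passwordLockout: $1
-
replace: passwordMaxFailure
passwordMaxFailure: $2
-
replace: passwordUnlock
passwordUnlock: $3
-
replace: passwordLockoutDuration
passwordLockoutDuration: $4
-
replace: passwordResetFailureCount
passwordResetFailureCount: $5
EOF
}

# Usage (OpenLDAP client syntax; ldap.example.com is a placeholder host):
#   lockout_ldif on 3 on 3600 600 | ldapmodify -x -D "cn=Directory Manager" -W -H ldap://ldap.example.com
```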