Setting password policy properties

 

Use this information to set password policy properties. To set the password policy, take these steps:

  1. Expand the Manage security properties category in the navigation area of the Web Administration Tool, and select the Password policy tab. This panel displays a noneditable Password attribute field that contains the name of the attribute that password policy is using.

  2. Select the type of password encryption from the drop-down list:

    None

    No encryption. Passwords are stored in the clear text format.

    crypt

    Passwords are encoded by the UNIX crypt encoding algorithm before they are stored in the directory.

    SHA-1

    Passwords are encoded by the SHA-1 encoding algorithm before they are stored in the directory.

  3. Select the Password policy enabled check box to enable password policy.

    If Password policy is not enabled, none of the other functions on this or the other password panels are available until the check box is enabled. By default, password policy is disabled.

  4. Select the User can change password check box to specify whether the user can change the password.

  5. Select the User must change password after reset check box to specify whether the user must change the password after logging on with a reset password.

  6. Select the User must send password when changing check box to specify whether the user, after the initial logon, needs to specify the password again before being able to change the password.

  7. Set the password expiration limit. Click the Password Never Expires radio button to specify that the password does not have to be changed at a specific time interval, or click the Days radio button and specify the time interval, in days, when the password needs to be reset.

  8. Specify whether the system issues a password expiration warning before the password expires.

    If you click the Never warn radio button, the user is not warned before the previous password expires. The user cannot access the directory until the administrator has created a new password.

    If you click the Days before expiration radio button and specify a number of days (n), the user receives a warning prompt to change the password each time the user logs on, starting n days before the password expires. The user can still access the directory until the password expires.

  9. Specify the number of times, if any, that the user can log in after the password has expired. This selection enables the user to access the directory with an expired password.

  10. Click OK.

You can also use the ldapmodify utility (see ldapmodify and ldapadd) to set password policy.

For more information about password policy, see Password policy.

 

Parent topic:

Password tasks