Specify user and global settings

The pdadmin policy commands can be set for a specific user (with the - user option) or globally (by not using the - user option). Any user-specific setting overrides a global setting for the policy.

You can also disable a policy (with the unset argument). The policy contains no value and the policy is not checked or enforced.

Example

A global minimum password length policy of 8 characters is created. As an exception to this policy, user matt is given a minimum password length policy of 4 characters.

pdadmin> policy set min-password-length 8
pdadmin> policy set min-password-length 4 -user matt
pdadmin> policy get min-password-length
Minimum password length: 8
pdadmin> policy get min-password-length -user matt
Minimum password length: 4

***

The specific minimum password length policy for user matt is unset. User matt is now governed by the global minimum password length policy of 8 characters.

pdadmin> policy set min-password-length unset -user matt
pdadmin> policy get min-password-length -user matt
Minimum password length: 8

***

The global minimum password length policy is unset. All users, including user matt, now have no minimum password length policy.

pdadmin> policy set min-password-length unset
pdadmin> policy get min-password-length
Minimum password length: unset

Parent topic: Password strength policy