HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

Table 32 Password policy attributes (continued)
Attribute name
    Definition

    in a history. If a user attempts to reuse one of the passwords, the password will be rejected.
    When this attribute is set to off, any passwords stored in the history remain there. When
    this attribute is set back to on, users will not be able to reuse the passwords recorded in the
    history before the attribute was disabled. This attribute is off by default, meaning users can
    reuse old passwords.

passwordInHistory
    This attribute indicates the number of passwords the directory stores in the history. There can
    be 2 to 24 passwords stored in the history. This feature is not enabled unless the
    passwordHistory attribute is set to on. This attribute is set to 6 by default.

passwordCheckSyntax
    When on, this attribute indicates that the password syntax is checked by the server before
    the password is saved. Password syntax checking ensures that the password string meets or
    exceeds the length and complexity requirements and that the string does not contain any
    trivial words. A trivial word is any value stored in the uid, cn, sn, givenName, ou, or
    mail attributes of the user's entry. This attribute is off by default.

passwordMinLength
    This attribute specifies the minimum number of characters that must be used in passwords.
    Shorter passwords are easier to crack. Passwords can be two (2) to 512 characters long.
    Generally, a length of eight characters is long enough to be difficult to crack but short enough
    for users to remember without writing it down. This attribute is set to 8 by default.

passwordMaxRepeats
    This attribute sets the maximum number of times that the same character can be used in a row,
    such as aaaaa. Setting the attribute to 0 means that there is no limit on how many times a
    character can be repeated. This attribute is set to 0 by default.

passwordMinAlphas
    This attribute sets the minimum number of alphabetic characters that must be used in the
    password. This setting does not set any requirements for the letter case; requirements for the
    minimum number of lowercase and uppercase letters are set in the passwordMinLowers
    and passwordMinUppers attributes, respectively. By default, this attribute is set to 0,
    meaning there is no required minimum.

passwordMinDigits
    This attribute sets the minimum number of numeric characters (0 through 9) that must be used
    in the password. By default, this attribute is set to 0, meaning there is no required minimum.

passwordMinSpecials
    This attribute sets the minimum number of special ASCII characters, such as !@#$., that
    must be used in the password. By default, this attribute is set to 0, meaning there is no
    required minimum.

passwordMinLowers
    This attribute sets the minimum number of lower case alphabetic characters, a to z, that must
    be used in the password. By default, this attribute is set to 0, meaning there is no required
    minimum.

passwordMinCategories
    This attribute sets the minimum number of categories that must be used in the password.
    There are eight categories available:
        Uppercase letters (A to Z)
        Lowercase letters (a to z)
        Numbers (0 through 9)
        Special ASCII characters, such as $
        ASCII alphabetic characters, regardless of case (a to z and A to Z)
        8-bit characters
        Repeated characters, such as aaaaaa
    This attribute is set to 3 by default.

passwordMinUppers
    This attribute sets the minimum number of upper case alphabetic characters, A to Z, that
    must be used in the password. By default, this attribute is set to 0, meaning there is no
    required minimum.

passwordTokenLength
    This attribute sets the minimum length for any tokens used with Directory Server. The token
    length can be from 1 to 64 characters. This attribute is set to 3 by default.
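
As an added illustration (not part of the HP guide and not the server's own code), the following Python model shows how the syntax-check attributes in Table 32 combine when a candidate password is evaluated, which helps when auditing whether a planned policy rejects what it is meant to reject. It covers the length, repeat, character-count and trivial-word checks and leaves out passwordMinCategories and passwordTokenLength. The names check_syntax, longest_run, STRICT and SAMPLE_ENTRY, the special-character set, and the case-insensitive substring match for trivial words are assumptions.

```python
import string

# Defaults from Table 32; syntax checking itself is off by default.
DEFAULT_POLICY = {"passwordCheckSyntax": "off", "passwordMinLength": 8,
                  "passwordMaxRepeats": 0, "passwordMinAlphas": 0,
                  "passwordMinDigits": 0, "passwordMinSpecials": 0,
                  "passwordMinLowers": 0, "passwordMinUppers": 0}
TRIVIAL_ATTRS = ("uid", "cn", "sn", "givenName", "ou", "mail")
# Constructed sample entry and a tightened policy (illustrative values).
SAMPLE_ENTRY = {"uid": ["jsmith"], "cn": ["John Smith"], "sn": ["Smith"],
                "mail": ["jsmith@example.com"]}
STRICT = dict(DEFAULT_POLICY, passwordCheckSyntax="on", passwordMinLength=12,
              passwordMaxRepeats=2, passwordMinDigits=1, passwordMinUppers=1)


def longest_run(password):
    """Length of the longest run of one character repeated in a row."""
    best = run = 0
    prev = None
    for ch in password:
        run = run + 1 if ch == prev else 1
        best = max(best, run)
        prev = ch
    return best


def check_syntax(password, entry, policy):
    """Return the policy attributes the candidate password violates."""
    if policy["passwordCheckSyntax"] != "on":
        return []  # syntax is not checked at all, so anything is accepted
    counts = {
        "passwordMinAlphas": sum(c in string.ascii_letters for c in password),
        "passwordMinDigits": sum(c in string.digits for c in password),
        "passwordMinSpecials": sum(c in string.punctuation for c in password),
        "passwordMinLowers": sum(c in string.ascii_lowercase for c in password),
        "passwordMinUppers": sum(c in string.ascii_uppercase for c in password),
    }
    failed = [name for name, n in counts.items() if n < policy[name]]
    if len(password) < policy["passwordMinLength"]:
        failed.append("passwordMinLength")
    limit = policy["passwordMaxRepeats"]  # 0 means no limit on repeats
    if limit and longest_run(password) > limit:
        failed.append("passwordMaxRepeats")
    # Trivial words: values of the user's own entry (assumed case-insensitive).
    words = [v.lower() for a in TRIVIAL_ATTRS for v in entry.get(a, [])]
    if any(w and w in password.lower() for w in words):
        failed.append("trivial word")
    return failed
```

With the defaults, check_syntax returns an empty list for any input because passwordCheckSyntax is off, so the length and complexity settings have no effect until it is set to on.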