Manualshelf

OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
451452453454455456457458459460
OSF DCE Administration Guide—Core Components
Whether or not passwords can consist entirely of spaces, defined by the dcecp
pwdspaces attribute in the form
pwdspaces {yes | no}
If you specify no, passwords cannot consist of all spaces.
Whether or not a password can consist entirely of alphanumeric characters, defined
by the dcecp pwdalpha attribute in the form
pwdalpha {yes | no}
If you specify no, passwords must contain characters other than alphanumerics.
Note: You can exert additional control over password formats by attaching ERAs
to principals. For information on how to do this, see Chapter 30.
35.1.2 Authentication Policy
Authentication policy regulates ticket lifetimes. You can set authentication policy for
the registry as a whole, using the dcecp registry modify command, and for individual
accounts by using the dcecp account modify command. The authentication policies you
can set are described in the following subsections.
Note: Be aware that, in addition to the authentication policies described in this
section, you can also control preauthentication policy for a principal by
attaching an instance of the pre_auth_req ERA to the principal. See
Chapter 30 for a general discussion of preauthentication and information
on preauthentication administration.
35.1.2.1 Maximum Ticket Renewable Time
Note: This feature is not currently used by DCE; any use of this option is
unsupported at the present time.
The maximum ticket renewable time (maxtktrenew attribute) that you set determines
the maximum amount of time in hours before a principal’s ticket-granting ticket expires
and the time the principal must log in again to reauthenticate and obtain another ticket-
granting ticket. The shorter you make the maximum ticket renewable time, the greater
the security of the system. However, since users must log in again to renew their
ticket-granting ticket, the time needs to take into consideration user convenience and
the level of security that your cell requires.
You define maximum ticket renewable time with the dcecp maxtktrenew attribute in
the following form:
maxtktrenew hours
35 4 Tandem Computers Incorporated 124243