HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

7 Managing User Authentication
When a user connects to the HP-UX Directory Server, the user is first authenticated. The
directory then grants access rights and resource limits to the user based on the identity established
during authentication.
This chapter describes tasks for managing users, including configuring the password and account
lockout policy for the directory, denying groups of users access to the directory, and limiting system
resources available to users depending upon their bind DNs.
Topics include:
“Managing the password policy”
“Inactivating users and roles”
“Setting Resource Limits Based on the bind DN”
“Using the account policy plug-in for inactivity limits”
7.1 Managing the password policy
A password policy minimizes the risks of using passwords by enforcing the following:
Users must change their passwords according to a schedule.
Users must provide nontrivial passwords.
The password syntax must meet certain complexity requirements.
After establishing a password policy, which can be for the entire directory or for specific subtrees
or users, user passwords can be protected from potential threats by configuring an account lockout
policy. Account lockout protects against hackers who try to break into the directory by repeatedly
guessing a user's password.
For an overview of password policy, see "Designing a Password Policy" in the HP-UX Directory
Server deployment guide.
This section provides information about configuring password and account lockout policies:
“Configuring the password policy”
“Setting user passwords”
“Password change extended operation”
“Configuring the account lockout policy”
“Managing the password policy in a replicated environment”
“Synchronizing passwords”
7.1.1 Configuring the password policy
Directory Server supports fine-grained password policy, so password policies can be applied to
the entire directory (global password policy), a particular subtree (subtree level or local password
policy), or a particular user (user level or local password policy).
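As an added illustration (not taken from this guide), the following LDIF sets a global password policy and account lockout policy covering the goals listed in 7.1: scheduled changes, nontrivial passwords, syntax checks, and lockout after repeated failed binds. The attribute names are the cn=config password policy attributes used by this family of directory servers and are not shown in this section; every value is a constructed sample to adapt to local requirements.

```ldif
# Added example: global password and account lockout policy on cn=config.
# All values below are illustrative samples, not recommendations from this guide.
#
# passwordExp / passwordMaxAge  : expire passwords after 90 days (7776000 seconds)
# passwordWarning               : warn users 7 days (604800 seconds) before expiry
# passwordCheckSyntax           : reject trivial passwords (syntax checking on)
# passwordMinLength             : minimum length enforced by the syntax check
# passwordHistory / InHistory   : remember 6 old passwords to block reuse
# passwordLockout / MaxFailure  : lock the account after 5 failed binds
# passwordResetFailureCount     : forget failed binds after 10 minutes (600 seconds)
# passwordUnlock / LockoutDuration : unlock automatically after 1 hour (3600 seconds)
# nsslapd-pwpolicy-local        : allow subtree-level and user-level policies
dn: cn=config
changetype: modify
replace: passwordExp
passwordExp: on
-
replace: passwordMaxAge
passwordMaxAge: 7776000
-
replace: passwordWarning
passwordWarning: 604800
-
replace: passwordCheckSyntax
passwordCheckSyntax: on
-
replace: passwordMinLength
passwordMinLength: 12
-
replace: passwordHistory
passwordHistory: on
-
replace: passwordInHistory
passwordInHistory: 6
-
replace: passwordLockout
passwordLockout: on
-
replace: passwordMaxFailure
passwordMaxFailure: 5
-
replace: passwordResetFailureCount
passwordResetFailureCount: 600
-
replace: passwordUnlock
passwordUnlock: on
-
replace: passwordLockoutDuration
passwordLockoutDuration: 3600
-
replace: nsslapd-pwpolicy-local
nsslapd-pwpolicy-local: on
```

Apply the file with ldapmodify while bound as a user permitted to modify cn=config. With nsslapd-pwpolicy-local left off, only this global policy is evaluated.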