<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - Set password properties</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<img src="delta.gif" alt="Start of change" /><img src="delta.gif" alt="Start of change" />
<a name="rzahysetpwdprop"></a>
<h4 id="rzahysetpwdprop">Set password properties</h4>
<p>The Directory Server provides many password options to ensure that only
authorized users are allowed to access the directory. These options are grouped
under password policy, password lockout, and password validation.</p>
<p><span class="bold">Password policy</span></p>
<p>To set the password policy, take these steps:</p>
<ol type="1">
<li>Expand the <span class="bold">Manage security properties</span> category
in the navigation area of the Web Administration Tool, and select the <span class="bold">Password policy</span> tab. This panel displays a noneditable <span class="bold">Password attribute</span> field that contains the name
of the attribute that password policy is using.</li>
<li>Select the type of password encryption from the drop-down list:
<dl>
<dt class="bold">None</dt>
<dd>No encryption. Passwords are stored in clear text.
</dd>
<dt class="bold">crypt</dt>
<dd>Passwords are encoded by the UNIX crypt encoding algorithm before they
are stored in the directory.
</dd>
<dt class="bold">SHA-1</dt>
<dd>Passwords are encoded by the SHA-1 encoding algorithm before they are
stored in the directory.
</dd>
</dl></li>
<li>Select the <span class="bold">Password policy enabled</span> check
box to enable password policy.
<a name="wq288"></a>
<div class="notetitle" id="wq288">Note:</div>
<div class="notebody">If Password policy is not enabled,
none of the other functions on this or the other password panels are available
until the check box is enabled. By default, password policy is disabled.</div></li>
<li>Select the <span class="bold">User can change password</span> check
box to specify whether the user can change the password.</li>
<li>Select the <span class="bold">User must change password after reset</span> check box to specify whether the user must change the password after
logging on with a reset password.</li>
<li>Select the <span class="bold">User must send password when changing</span> check box to specify whether the user, after the initial logon, needs
to specify the password again before being able to change the password.</li>
<li>Set the password expiration limit. Click the <span class="bold">Password Never Expires</span> radio button to specify that the password does
not have to be changed at a specific time interval, or click the <span class="bold">Days</span> radio button and specify the time interval, in days, when the password
needs to be reset.</li>
<li>Specify whether the system issues a password expiration warning before
the password expires.
<p>If you click the <span class="bold">Never
warn</span> radio button, the user is not warned before the previous password
expires. The user cannot access the directory until the administrator has
created a new password.</p>
<p>If you click the <span class="bold">Days before expiration</span> radio button and specify a number of days (n),
the user receives a warning prompt to change the password each time the user
logs on, starting n days before the password expires. The user can still access
the directory until the password expires.</p></li>
<li>Specify the number of times, if any, that the user can log in after the
password has expired. This selection enables the user to access the directory
with an expired password.</li>
<li>Click <span class="bold">OK</span>.</li></ol>
<a name="wq289"></a>
<div class="notetitle" id="wq289">Note:</div>
<div class="notebody">You can also use the ldapmodify utility (see <a href="rzahyldapadd.htm#rzahyldapadd">ldapmodify and ldapadd</a>)
to set password policy.</div>
<p>For more information about password policy, see <a href="rzahypwdpolicy.htm#rzahypwdpolicy">Password policy</a>.</p>
<p><span class="bold">Password lockout</span></p>
<ol type="1">
<li>Expand the <span class="bold">Manage security properties</span> category
in the navigation area of the Web Administration Tool, then select the <span class="bold">Password lockout</span> tab.
<a name="wq291"></a>
<div class="notetitle" id="wq291">Note:</div>
<div class="notebody">If password
policy is not enabled on the server, the functions on this panel do not take
effect.</div></li>
<li>Specify the number of seconds, minutes, hours or days that must elapse
before a password can be changed.</li>
<li>Specify whether incorrect logins lock out the password.
<ul>
<li>Select the <span class="bold">Passwords are never locked out</span> radio
button if you want to allow unlimited login attempts. This selection disables
the password lockout function.</li>
<li>Select the <span class="bold">Attempts</span> radio button and specify the number of login attempts
that are allowed before locking out the password. This selection enables the
password lockout function.</li></ul></li>
<li>Specify the duration of the lockout. Select the <span class="bold">Lockouts never expire</span> radio button to specify that the system administrator
must reset the password, or select the <span class="bold">Seconds</span> radio
button and specify the number of seconds before the lockout expires and login
attempts can resume.</li>
<li>Specify the expiration time for an incorrect login. Click the <span class="bold">Incorrect logins only cleared with correct password</span> radio button to specify
that incorrect logins are cleared only by a successful login, or click the <span class="bold">Seconds</span> radio button and specify the number of
seconds before an unsuccessful login attempt is cleared from memory.
<a name="wq292"></a>
<div class="notetitle" id="wq292">Note:</div>
<div class="notebody">This option works only if the password is not locked out.</div></li>
<li>When you are finished, click <span class="bold">Apply</span> to save
your changes without exiting, or click <span class="bold">OK</span> to
apply your changes and exit, or click <span class="bold">Cancel</span> to
exit this panel without making any changes.</li></ol>
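<p>The following Python model is an added example, not IBM code and not the Directory Server's implementation. It shows how the three lockout settings above interact over a sequence of logins; the field names, the use of 0 for the "never" radio buttons, and the reset of the failure count when a lockout expires are assumptions.</p>

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class LockoutPolicy:
    # Hypothetical field names; 0 selects the panel's "never" radio button.
    max_attempts: int = 0   # 0 = "Passwords are never locked out"
    lockout_secs: int = 0   # 0 = "Lockouts never expire"
    clear_secs: int = 0     # 0 = "Incorrect logins only cleared with correct password"

@dataclass
class Account:
    failures: list = field(default_factory=list)  # times of incorrect logins
    locked_at: Optional[float] = None

def attempt(policy, acct, now, correct):
    """Return 'ok', 'bad' or 'locked' for one login at time `now` (seconds)."""
    if acct.locked_at is not None:
        expired = policy.lockout_secs and now - acct.locked_at >= policy.lockout_secs
        if not expired:
            return "locked"      # even the correct password is refused
        # Assumption: an expired lockout also clears the failure count.
        acct.locked_at, acct.failures = None, []
    # Aging of failures is only evaluated while the password is not locked out.
    if policy.clear_secs:
        acct.failures = [t for t in acct.failures if policy.clear_secs > now - t]
    if correct:
        acct.failures = []
        return "ok"
    acct.failures.append(now)
    if policy.max_attempts and len(acct.failures) >= policy.max_attempts:
        acct.locked_at = now     # this failure reached the limit
    return "bad"

def replay(policy, events):
    """Run constructed (time, correct) events against a fresh account."""
    acct = Account()
    return [attempt(policy, acct, t, ok) for t, ok in events]

if __name__ == "__main__":
    policy = LockoutPolicy(max_attempts=3, lockout_secs=300, clear_secs=60)
    # Constructed events: three quick failures, then correct logins.
    print(replay(policy, [(0, False), (10, False), (20, False), (30, True), (320, True)]))
```

<p>With <span class="bold">Lockouts never expire</span> selected (0 in this model), the account stays locked until an administrator resets the password, whatever the failure-clearing interval is.</p>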
<p><span class="bold">Password validation</span></p>
<ol type="1">
<li>Expand the <span class="bold">Manage security properties</span> category
in the navigation area of the Web Administration Tool, then select the <span class="bold">Password validation</span> tab.
<a name="wq294"></a>
<div class="notetitle" id="wq294">Note:</div>
<div class="notebody">If password
policy is not enabled on the server, the functions on this panel do not take
effect.</div></li>
<li>Set the number of passwords that must be used before a password can be
reused. Enter a number from 0 to 30. If you enter zero, a password can be
reused without restriction.</li>
<li>From the drop-down menu, select whether the password is checked for the
syntax defined in the following entry fields. You can select:
<dl>
<dt class="bold">Do not check syntax</dt>
<dd>No syntax checking is performed.
</dd>
<dt class="bold">Check syntax (except encrypted) </dt>
<dd>The syntax checking is performed on all unencrypted passwords.
</dd>
<dt class="bold">Check syntax </dt>
<dd>The syntax checking is performed on all passwords.
</dd>
</dl></li>
<li>Specify a number value to set the minimum length of the password. If the
value is set to zero, no syntax checking is performed.
<ul>
<li>Specify a number value to set the minimum number of alphabetic characters
required for the password.</li>
<li>Specify a number value to set the minimum number of numeric and special
characters required for the password.
<a name="wq295"></a>
<div class="notetitle" id="wq295">Note:</div>
<div class="notebody">The sum of the minimum
number of alphabetic, numeric, and special characters must be equal to or
less than the number specified as the minimum length of the password.</div></li></ul></li>
<li>Specify the maximum number of characters that can be repeated in the password.
This option limits the number of times a specific character can appear in
the password. If the value is set to zero, the number of repeated characters
is not checked.</li>
<li>Specify the minimum number of characters that must be different from the
previous password and the number of previous passwords specified in the <span class="bold">Minimum number of passwords before reuse</span> field.
If the value is set to zero, the number of different characters is not checked.</li>
<li>When you are finished, click <span class="bold">Apply</span> to save
your changes without exiting, or click <span class="bold">OK</span> to
apply your changes and exit, or click <span class="bold">Cancel</span> to
exit this panel without making any changes.</li></ol><img src="deltaend.gif" alt="End of change" /><img src="deltaend.gif" alt="End of change" />
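<p>The following Python sketch is an added example, not IBM code and not the Directory Server's implementation. It applies the validation settings above to a candidate password and checks the policy for the constraint given in the note; the field names are hypothetical, previous passwords are held as plain strings only to keep the model short, and the way "different characters" is counted is an assumption.</p>

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class ValidationPolicy:
    # Hypothetical field names mirroring the panel's entry fields.
    min_length: int = 0    # 0 = no syntax checking at all
    min_alpha: int = 0     # minimum alphabetic characters
    min_other: int = 0     # minimum numeric and special characters
    max_repeated: int = 0  # 0 = repeated characters not checked
    min_diff: int = 0      # 0 = difference from old passwords not checked
    history: int = 0       # 0 to 30; 0 = reuse unrestricted

def config_errors(p):
    """Problems in the policy itself, found before it is applied."""
    errs = []
    if p.history not in range(0, 31):
        errs.append("history must be 0 to 30")
    if p.min_alpha + p.min_other > p.min_length:
        errs.append("min_alpha + min_other exceeds min_length")
    return errs

def password_errors(p, new, previous=()):
    """Rules that `new` breaks; `previous` is oldest-first (constructed input)."""
    recent = list(previous)[-p.history:] if p.history else []
    errs = ["reused"] if new in recent else []
    if p.min_length == 0:              # syntax checking switched off
        return errs
    alpha = sum(c.isalpha() for c in new)
    if p.min_length > len(new):
        errs.append("too short")
    if p.min_alpha > alpha:
        errs.append("too few alphabetic")
    if p.min_other > len(new) - alpha:
        errs.append("too few numeric/special")
    if p.max_repeated and max(Counter(new).values(), default=0) > p.max_repeated:
        errs.append("character repeated too often")
    # Assumption: "different" = characters of `new` not matched in the old one.
    if p.min_diff and any(
            p.min_diff > sum((Counter(new) - Counter(old)).values()) for old in recent):
        errs.append("too similar to a previous password")
    return errs

if __name__ == "__main__":
    policy = ValidationPolicy(8, 4, 2, max_repeated=2, min_diff=3, history=2)
    print(config_errors(policy), password_errors(policy, "Winter#2024y", ["Winter#2023y"]))
```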
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>