Core Server Configuration Attributes Reference
90 Red Hat Directory Server Configuration, Command, and File Reference • May 2005
passwordStorageScheme (Password Storage Scheme)
Specifies the type of encryption used to store Directory Server passwords. Enter
CLEAR for this attribute to indicate that the password will appear in plain text.
The following encryption types are supported by the Directory Server:
• SSHA (Salted Secure Hash Algorithm) is the recommended method as it is the
most secure.
• SHA (Secure Hash Algorithm) is included only for backward compatibility
with 4.x Directory Servers; do not use this algorithm.
• CRYPT is the UNIX crypt algorithm. It is provided for compatibility with
UNIX passwords.
For more information on password policies, see chapter 7, “User Account
Management,” in the Red Hat Directory Server Administrator’s Guide.
passwordUnlock (Unlock Account)
Indicates whether users will be locked out of the directory for a specified amount
of time or until the administrator resets the password after an account lockout.
The account lockout feature protects against hackers who try to break into the
directory by repeatedly trying to guess a user’s password. If this passwordUnlock
attribute is set to off and the operational attribute accountUnlockTime has a
value of 0, then the account will be locked indefinitely.
For more information on password policies, see chapter 7, “User Account
Management,” in the Red Hat Directory Server Administrator’s Guide.
Default Value: 600
Syntax: Integer
Example: passwordResetFailureCount: 600
NOTE You can no longer choose to encrypt passwords using the
NS-MTA-MD5 password storage scheme. The storage scheme is
still present but only for reasons of backward compatibility.
Entry DN: cn=config