Subject: svn commit: r1021828 - /directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml Date: Tue, 12 Oct 2010 16:20:00 -0000 To: commits@directory.apache.org
From: elecharny@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20101012162000.6466323889E9@eris.apache.org> Author: elecharny Date: Tue Oct 12 16:20:00 2010 New Revision: 1021828 URL: http://svn.apache.org/viewvc?rev=1021828&view=rev Log: Added the pwdPolicy configuration doco Modified: directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml Modified: directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml URL: http://svn.apache.org/viewvc/directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml?rev=1021828&r1=1021827&r2=1021828&view=diff ============================================================================== --- directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml (original) +++ directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml Tue Oct 12 16:20:00 2010 @@ -382,6 +382,194 @@
+ PasswordPolicy configuration + The PasswordPolicy is an interceptor used to control the Password format and policy. The + configurable parameters are given below. + + + + pwdAttribute + Name : pwdAttribute + Type : String or OID + Default value : userPassword + Description : The name of the attribute to which the password policy is applied. + Currently only "userPassword" attribute is supported + + + + pwdLockoutDuration + Name : pwdLockoutDuration + Type : Integer + Default value : 300 + Description : The number of seconds that the password cannot be used to authenticate due to + too many failed bind attempts. + Default value is 300 seconds. + + + + pwdMaxFailure + Name : pwdMaxFailure + Type : Integer + Default value : 0 + Description : The number of consecutive failed bind attempts after which the password may not + be used to authenticate. + Default value is 0, no limit on the number of authentication failures + + + + pwdFailureCountInterval + Name : pwdFailureCountInterval + Type : Integer + Default value : 0 + Description : The number of seconds after which the password failures are purged from the failure counter. + Default value is 0, reset all pwdFailureTimes after a successful authentication. + + + + pwdMustChange + Name : pwdMustChange + Type : Boolean + Default value : false + Description : Flag to indicate if the password must be changed by the user after they bind to the + directory after a password is set or reset by a password administrator. + Default value is false, no need to change the password by user. + + + + pwdAllowUserChange + Name : pwdAllowUserChange + Type : Boolean + Default value : true + Description : Indicates whether users can change their own passwords. Default value is true, allow change. + + + + pwdSafeModify + Name : pwdSafeModify + Type : Boolean + Default value : false + Description : Flag to specify whether or not the existing password must be sent along with the + new password when being changed. 
+ + + + pwdMinAge + Name : pwdMinAge + Type : Integer + Default value : 0 + Description : Holds the number of seconds that must elapse between modifications to the password. + + + + pwdMaxAge + Name : pwdMaxAge + Type : Integer + Default value : 0 + Description : Holds the number of seconds after which a modified password will expire. + Default value is 0, does not expire. If not 0, the value must be greater than or equal + to the value of the pwdMinAge. + + + + pwdMinDelay + Name : pwdMinDelay + Type : Integer + Default value : 0 + Description : The number of seconds to delay responding to the first failed authentication attempt + Default value 0, no delay. + + + + pwdMaxDelay + Name : pwdMaxDelay + Type : Integer + Default value : 3 + Description : The maximum number of seconds to delay when responding to a failed authentication attempt. + + + + pwdMaxIdle + Name : pwdMaxIdle + Type : Integer + Default value : 0 + Description : The number of seconds an account may remain unused before it becomes locked + Default value is 0, no check for idle time. + + + + pwdGraceExpire + Name : pwdGraceExpire + Type : Integer + Default value : 0 + Description : Specifies the number of seconds the grace authentications are valid + Default value is 0, no limit. + + + + pwdMaxLength + Name : pwdMaxLength + Type : Integer + Default value : 0 + Description : This attribute holds the maximum number of characters that may be used in a password. + Default value 0, no maximum length enforced + + + + pwdInHistory + Name : pwdInHistory + Type : Integer + Default value : 0 + Description : Specifies the maximum number of used passwords stored in the pwdHistory attribute. + Default value is 0, no password history maintained + + + + pwdCheckQuality + Name : pwdCheckQuality + Type : Integer + Default value : 0 + Description : Indicates how the password quality will be verified while being modified or added. 
+ Default value 0, do not check + + + + pwdMinLength + Name : pwdMinLength + Type : Integer + Default value : 0 + Description : This attribute holds the minimum number of characters that must be used in a password. + Default value 0, no minimum length enforced + + + + pwdExpireWarning + Name : pwdExpireWarning + Type : Integer + Default value : 0 + Description : The maximum number of seconds before a password is due to expire that expiration warning + messages will be returned to an authenticating user. + Default value is 0, never send a warning message. + + + + pwdGraceAuthNLimit + Name : pwdGraceAuthNLimit + Type : Integer + Default value : 0 + Description : the number of times an expired password can be used to authenticate. + Default value is 0, do not allow a expired password for authentication. + + + + pwdLockout + Name : pwdLockout + Type : Boolean + Default value : false + Description : Flag to indicate if the account needs to be locked after a specified number of + consecutive failed bind attempts. The maximum number of consecutive + failed bind attempts is specified in pwdMaxFailure + +
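Review bot: the pwdCheckQuality entry documents only the value 0 ("do not check") although its type is Integer, so a reader cannot tell which non-zero values are accepted or what each one enforces; list every accepted value with its effect. The pwdLockout entry refers to pwdMaxFailure, but the pwdMaxFailure and pwdLockoutDuration entries do not refer back to pwdLockout, and pwdLockoutDuration does not say what a value of 0 means; add the cross-references and the 0 case so the three lockout settings can be read together. It is also worth stating in the introduction that with the documented defaults (pwdLockout false, pwdMaxFailure 0, pwdMinLength 0, pwdCheckQuality 0, pwdInHistory 0) the interceptor enforces no lockout, length, quality or history rule until an administrator changes them. Minor wording: "a expired password" in pwdGraceAuthNLimit should read "an expired password", and several descriptions lack a full stop before "Default value".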