Passwordlockoutduration (lockout duration), Passwordmaxage (password maximum age), Passwordmaxfailure (maximum password failures) – Red Hat 8.1 User Manual

Entry DN

cn=config

Valid Values

on | off

Default Value

on

Syntax

DirectoryString

Example

passwordLockout: off

2.3.1.124 . passwordLockoutDuration (Lockout Duration)

Indicates the amount of time in seconds during which users are locked out of the directory after an
account lockout. The account lockout feature protects against hackers who try to break into the directory
by repeatedly trying to guess a user's password. Enable and disable the account lockout feature using
the passwordLockout attribute.

This can be abbreviated to pwdLockoutDuration.

For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.

Parameter

Description

Entry DN

cn=config

Valid Range

1 to the maximum 32 bit integer value
(2147483647) in seconds

Default Value

3600

Syntax

Integer

Example

passwordLockoutDuration: 3600

2.3.1.125. passwordMaxAge (Password Maximum Age)

Indicates the number of seconds after which user passwords expire. To use this attribute, password
expiration has to be enabled using the passwordExp attribute.

This can be abbreviated to pwdMaxAge.

For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.

Parameter

Description

Entry DN

cn=config

Valid Range

1 to the maximum 32 bit integer value
(2147483647) in seconds

Default Value

8640000 (100 days)

Syntax

Integer

Example

passwordMaxAge: 100

2.3.1.126. passwordMaxFailure (Maximum Password Failures)

Indicates the number of failed bind attempts after which a user is locked out of the directory. By default,
account lockout is disabled. Enable account lockout by modifying the passwordLockout attribute.

This can be abbreviated to pwdMaxFailure.

For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.

Parameter

Description

Entry DN

cn=config

Valid Range

1 to maximum integer bind failures

Default Value

3

Syntax

Integer

Example

passwordMaxFailure: 3

2.3.1.127. passwordMaxRepeats (Password Syntax)

Maximum number of times the same character can appear sequentially in the password. Zero (0) is off.
Integer values reject any password which used a character more than that number of times; for example,
1 rejects characters that are used more than once (aa) and 2 rejects characters used more than twice
(aaa).

Parameter

Description

Entry DN

cn=config

52

Chapter 2. Core Server Configuration Reference