A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more. How to access this content. Issue Requirement 1. Keep history of used passwords the number of previous passwords which cannot be reused Requirement 2. Password size Minimum acceptable size for the new password. Requirement 3. Set limit to number of digits in password.
Requirement 4. Set limit to number of Upper Case characters in password. Requirement 5. Set limit to number of Lower Case characters in password. There are three main configuration areas that are defined within the password policy:. Strength or complexity requirements. While the password policy is set in the LDAP directory and is based on Directory Server password policy attributes, the policy is ultimately constrained by the KDC password policy framework.
Any other policy settings made within the Directory Server are not visible or enforced in Identity Management. Password policies are assigned either globally or to groups in IdM, not to individual users. The password policy is assigned a priority, so that if a user belongs to multiple groups with different password policies, the policy with the highest priority will take precedence.
The different policy attributes that can be set are listed in Table Table This can prevent a user from changing a password and then immediately changing it to the original value.
The default value is one hour. Maximum Password Lifetime --maxlife Sets the maximum period of time, in days, that a user's password can be in effect before it must be changed. The default value is 90 days. Minimum Number of Character Classes --minclasses Sets the minimum number of different classes, or types, of character that must exist in a password before it is considered valid.
For example, setting this value to 3 requires that any password must have characters from at least three categories in order to be approved.
The default value is zero 0 , meaning there are no required classes. Comments 4. Changing password for testuser. Choose another. Greatly appreciated. Community Member 40 points. Log in to join the conversation. MM Community Member 40 points.
Milan Milicic. I returned SELinux to Enforcing state. Then you should report this as a bug. You can generate a local policy module to allow this access. Again, no changes. I wonder if there is a bug in gkr-pam? So, there's a solution, but it's a dirty one. However, this inclusion did not work.
0コメント