This repository was archived by the owner on Jan 20, 2023. It is now read-only.
Lightwave Directory Password Policy
Sriram Nambakam edited this page Nov 22, 2016 · 5 revisions

- Every tenant (domain) in the Lightwave Directory includes a password policy object.
- The password policy object is located at distinguished name "CN=password and lockout policy" relative to the tenant domain object.
- The password policy object comprises the following attributes.

| Password Strength Attribute | Default Value | Applicable to | Notes |
|---|---|---|---|
| vmwPasswordMinLength | 5 | Users, Administrators | Minimum length of password |
| vmwPasswordMaxLength | 20 | Users, Administrators | Maximum length of password |
| vmwPasswordMinAlphabeticCount | 2 | Users, Administrators | Minimum number of alphabetic characters |
| vmwPasswordMinUpperCaseCount | 1 | Users, Administrators | Minimum number of upper case characters |
| vmwPasswordMinLowerCaseCount | 1 | Users, Administrators | Minimum number of lower case characters |
| vmwPasswordMinNumericCount | 1 | Users, Administrators | Minimum number of numeric characters |
| vmwPasswordMinSpecialCharCount | 1 | Users, Administrators | Minimum number of special characters |
| vmwPasswordMaxIdenticalAdjacentChars | 3 | Users, Administrators | Maximum number of identical adjacent characters |
| vmwPasswordProhibitedPreviousCount | 5 | Users, Administrators | Number of entries in password history |

| # | Character |
|---|---|
| 1 | '~' |
| 2 | '!' |
| 3 | '@' |
| 4 | '#' |
| 5 | '$' |
| 7 | '%' |
| 8 | '^' |
| 9 | '&' |
| 10 | '*' |
| 11 | '_' |
| 12 | '-' |
| 13 | '+' |
| 14 | '=' |
| 15 | '`' |
| 16 | '|' |
| 17 | '\' |
| 18 | '(' |
| 19 | ')' |
| 20 | '{' |
| 21 | '}' |
| 22 | '[' |
| 23 | ']' |
| 24 | ':' |
| 25 | ';' |
| 26 | '"' |
| 27 | '' |
| 28 | '<' |
| 29 | '>' |
| 30 | ',' |
| 31 | '.' |
| 32 | '?' |
| 33 | '/' |

| Lockout policy attribute | Default value | Applicable to | Notes |
|---|---|---|---|
| vmwPasswordLifetimeDays | 90 | User | Value of 0 implies password never expires |
| vmwPasswordChangeMaxFailedAttempts | 5 | User | Number of failed login attempts within vmwPasswordChangeFailedAttemptIntervalSec that will cause an account lockout |
| vmwPasswordChangeFailedAttemptIntervalSec | 180 | User | Interval in seconds between consecutive failed login attempts |
| vmwPasswordChangeAutoUnlockIntervalSec | 300 | User | Time in seconds to wait for account to unlock itself after getting locked out |

Password policy objects can be searched in Lightwave Directory (on a Lightwave Domain Controller) as follows:

```
$> ldapsearch -h localhost -p 389 -x -D "cn=Administrator,cn=Users,dc=photon,dc=local" -W -b "" -s subtree "objectclass=vmwPasswordPolicy"
dn: cn=password and lockout policy,dc=photon,dc=local
vmwPasswordProhibitedPreviousCount: 5
vmwPasswordLifetimeDays: 90
vmwPasswordMaxLength: 20
vmwPasswordMinLength: 5
vmwPasswordMinAlphabeticCount: 2
vmwPasswordMinUpperCaseCount: 1
vmwPasswordMinLowerCaseCount: 1
vmwPasswordMinNumericCount: 1
vmwPasswordMinSpecialCharCount: 1
vmwPasswordMaxIdenticalAdjacentChars: 3
vmwPasswordChangeMaxFailedAttempts: 5
vmwPasswordChangeFailedAttemptIntervalSec: 180
vmwPasswordChangeAutoUnlockIntervalSec: 300
```
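The following is an added example, not code from the Lightwave project: it parses the password strength attributes from the policy entry shown above and reports which attributes a candidate password would fail, which is useful for pre-checking generated credentials against a tenant's policy. The function names, the use of Python's `str` methods for character classes, and reading vmwPasswordMaxIdenticalAdjacentChars as the longest allowed run of one character are assumptions; entry 27 of the special character table is blank on this page and is left out.

```python
import re

# Password strength lines of the policy entry returned by the ldapsearch above.
POLICY_LDIF = """\
dn: cn=password and lockout policy,dc=photon,dc=local
vmwPasswordMaxLength: 20
vmwPasswordMinLength: 5
vmwPasswordMinAlphabeticCount: 2
vmwPasswordMinUpperCaseCount: 1
vmwPasswordMinLowerCaseCount: 1
vmwPasswordMinNumericCount: 1
vmwPasswordMinSpecialCharCount: 1
vmwPasswordMaxIdenticalAdjacentChars: 3
"""

# Special characters from the table on this page (entry 27 is blank there, so omitted).
SPECIAL = set("~!@#$%^&*_-+=`|\\(){}[]:;\"<>,.?/")

def parse_policy(ldif):
    """Return {attribute: int} for the numeric vmwPassword* lines of one LDIF entry."""
    pattern = r"^(vmwPassword\w+):[ \t]*(\d+)[ \t]*$"
    return {m.group(1): int(m.group(2)) for m in re.finditer(pattern, ldif, re.M)}

def longest_run(s):
    """Length of the longest run of one repeated character (0 for an empty string)."""
    return max((len(m.group(0)) for m in re.finditer(r"(.)\1*", s, re.S)), default=0)

def violations(password, policy):
    """Names of the policy attributes the candidate password fails (assumed semantics)."""
    counts = {
        "vmwPasswordMinLength": len(password),
        "vmwPasswordMinAlphabeticCount": sum(c.isalpha() for c in password),
        "vmwPasswordMinUpperCaseCount": sum(c.isupper() for c in password),
        "vmwPasswordMinLowerCaseCount": sum(c.islower() for c in password),
        "vmwPasswordMinNumericCount": sum(c.isdigit() for c in password),
        "vmwPasswordMinSpecialCharCount": sum(c in SPECIAL for c in password),
    }
    # Minimum-count attributes: fail when the observed count is below the policy value.
    failed = [a for a, n in counts.items() if a in policy and n < policy[a]]
    # Maximum attributes: fail when the observed value exceeds the policy value.
    if len(password) > policy.get("vmwPasswordMaxLength", len(password)):
        failed.append("vmwPasswordMaxLength")
    if longest_run(password) > policy.get("vmwPasswordMaxIdenticalAdjacentChars", len(password)):
        failed.append("vmwPasswordMaxIdenticalAdjacentChars")
    return failed
```

vmwPasswordProhibitedPreviousCount is not checked here because it depends on the password history held by the directory.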