Filter
Top Products
Administering the Kerberos Server
Password Policy File
Chapter 8 119
Password Policy File
The password policy file controls password rules, such as password
length, number of character types, and the lifetime of a password. The
password.policy file located on each of the primary and secondary
security servers in the /opt/krb5 directory.
Editing the Default File
To edit the password policy file and configure it to match the
requirements of your organization, use a text editor on the primary
security server. You must have the appropriate read-write permissions to
access the password policy file.
The default password policy file is designed around the following
instances or policy groups:
• Principals that do not have an instance
• Principals with an admin instance
• Principals with a root instance
• The base group named *, which consists of all the other principals
You can also add more policy groups to identify specific instances in your
enterprise.
Table 8-3 explains the password policy settings and the defaults for the
base group and the * instance group in the password policy file.
Table 8-3 Default Password Policy Settings for the Base Group
Password Policy Setting Default Value
*.MaxRepeatChars 3
*.MaxRepeatClasses 4
*.MaximumMatch 4
*.MinimumLength 6
*.MinimumClasses 2