To prevent users from including their own details in their passwords, use the following command:
set password-substring-attrs = attribute-list;
This lists the attributes that contain details about the user that you do not want to be used in new passwords. The check works in both directions: the password cannot be a substring of any listed attribute's value, and a listed attribute's value cannot be a substring of the password.
The user's details are taken from the values of the attributes in their own entry.
We recommend that you include only attributes that have string syntaxes. Values of other syntaxes may not be picked up by the password substring check.
Example: Prevent User Details in Passwords
You have set up the following password policy in the Democorp DSA:
set password-policy = true;
set password-substring-attr = title;
The entry for Craig Link includes the following attributes and values:
Attribute | Value |
---|---|
cn | Craig LINK |
description | Railways |
title | Communications Engineer |
Craig Link cannot create the following passwords because they are substrings of the title attribute value:
He can create the following passwords:
This is acceptable because the description attribute is not listed in the set password-substring-attr command.
The space is missing, so this is not a substring of Communications Engineer.
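The two-way substring rule applied to Craig Link's entry, as an added Python example (not CA Directory code and not part of the original page). Assumptions: the function name `substring_violations` is hypothetical, comparison is exact unless `ignore_case` is set (the page does not say how the DSA treats case), and the candidate passwords are constructed for illustration.

```python
def substring_violations(password, entry, substring_attrs, ignore_case=False):
    """Return (attribute, value, reason) for each value that blocks the password.

    entry maps attribute names to lists of values, taken from the user's own entry.
    ignore_case is an assumption of this example, not documented DSA behaviour.
    """
    def norm(text):
        return text.casefold() if ignore_case else text

    pw = norm(password)
    hits = []
    for attr in substring_attrs:
        values = entry.get(attr, [])
        if isinstance(values, (str, bytes)):
            values = [values]          # tolerate single-valued attributes
        for value in values:
            # Only string values are compared; other syntaxes are skipped,
            # which is why only string-syntax attributes should be listed.
            if not isinstance(value, str) or not value:
                continue
            v = norm(value)
            if pw in v:
                hits.append((attr, value, "password is a substring of the value"))
            elif v in pw:
                hits.append((attr, value, "value is a substring of the password"))
    return hits


# Entry and policy from the example above.
ENTRY = {
    "cn": ["Craig LINK"],
    "description": ["Railways"],
    "title": ["Communications Engineer"],
}
POLICY_ATTRS = ["title"]

# Constructed candidate passwords (not taken from the page).
CANDIDATES = [
    "Engineer",                      # inside the title value
    "Communications Engineer 2011",  # contains the whole title value
    "Railways",                      # description is not a listed attribute
    "CommunicationsEngineer",        # space missing, so no match either way
]

if __name__ == "__main__":
    for candidate in CANDIDATES:
        blocked = substring_violations(candidate, ENTRY, POLICY_ATTRS)
        print(f"{candidate!r}: {'rejected' if blocked else 'accepted'} {blocked}")
```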
Copyright © 2011 CA. All rights reserved.