3.5 Password Management

Use the Password Restrictions page to set login password requirements for a User object.

User passwords are generally set upon creation of the User object (see Creating a User Object for more information). At that point, you can specify whether to set a default eDirectory password for the new user, or you can create the User object without an eDirectory password. If you create the object without an eDirectory password, the user won’t be able to log in unless you set up an alternate (non-eDirectory) means of authentication, such as a simple NMAS password. Alternatively, you can create the User object without an eDirectory password and set the eDirectory password later using the Password Restrictions property page for the User object.

  1. Right-click a User object, then click Properties.

  2. Click Restrictions > Password Restrictions.

  3. Choose from the following options:

    Option

    Description

    Allow User to Change Password

    Specifies whether this object is allowed to change its login password. The setting of this check box is stored in the Password Allow Change property of this object.

    Require a Password

    Specifies whether to prompt for a password during login. To cause this object to be prompted for a password, select this check box and enter the minimum number of characters required for the password in the Minimum Password Length field. You can enter a number from 1 to 128 or accept the default of 5. The setting of this check box is stored in the Password Required property of this object, and the minimum password length is stored in the Password Minimum Length property of this object.

    Force Periodic Password Changes

    Specifies whether to prompt this object to change its login password periodically. To cause the object to be prompted to change its login password periodically, select this check box and fill in the next two fields.

    • Days Between Forced Changes: Specifies the number of days this object is allowed to use a password before it expires. You can enter a number from 1 to 365. The setting of the Force Periodic Password Changes check box and the contents of this field are stored in the Password Expiration Interval property of this object.

    • Date Password Expires: Specifies the date and time this object’s current password expires. Click the calendar icon next to this field to set an expiration date and time. Once this object changes its password and each time it changes the password thereafter, the system resets the expiration date forward the number of days specified in the Days Between Forced Changes field. The expiration date is stored in the Password Expiration Time property of this object.

    Require Unique Passwords

    Specifies whether to prevent this object from reusing any of its last eight login passwords. The setting of this check box is stored in the Password Unique Required property of this object.

    Limit Grace Logins

    Specifies whether to limit the number of grace logins this object is allowed. A grace login means the object can log in with an expired password. To limit the number of grace logins, select this check box and fill in the next two fields.

    • Grace Logins Allowed: Specifies the number of grace logins this object is allowed. You can enter a number from 1 to 200 or accept the default of 6. The setting of the Limit Grace Logins check box and the contents of this field are stored in the Login Grace Limit property of this object.

    • Remaining Grace Logins: Specifies the number of grace logins this object has left. Each time the object uses a grace login, the system decrements this value. Each time the object changes its login password, the system resets this value to the number of grace logins allowed. If the object has exhausted its grace logins and you want to grant a few more grace logins (this time only), or if you want to set a different number of grace logins for the next time the login password expires, enter a number in this field. The number of grace logins remaining is stored in the Login Grace Remaining property of this object.

    Change Password

    Click this button to set this object’s eDirectory password. It displays the Set Password dialog box. Once you set the password and click OK in the dialog box, you are returned to the Properties dialog box and you can’t undo the password change by canceling the Properties dialog box. This button is disabled unless you have the Supervisor or Write right to the ACL or Password Management property of this object.

  4. Click Apply > OK.
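
The options in step 3 interact, so it helps to review the stored properties together rather than one check box at a time. The following is an added example, not part of the product or its documentation: a Python audit over property values keyed by the property names used on this page. The export format (a dict per user, with a cleared check box represented as a missing key or None), the site_min_length baseline, and the sample users are assumptions of the example.

```python
# Added example: audits exported Password Restrictions properties.
# Value ranges come from the option descriptions on this page.
RANGES = {
    "Password Minimum Length": (1, 128),
    "Password Expiration Interval": (1, 365),
    "Login Grace Limit": (1, 200),
}

def audit_user(props, site_min_length=12):
    """Return findings for one User object's restriction properties.

    props maps the property names used on this page to values. Assumption:
    a cleared check box is exported as a missing key or None.
    site_min_length is a hypothetical local baseline, not a product value.
    """
    findings = []
    for name, (low, high) in RANGES.items():
        value = props.get(name)
        if value is not None and not low <= value <= high:
            findings.append(f"{name}={value} is outside {low}-{high}")
    if not props.get("Password Required"):
        findings.append("no password is required at login")
    elif (props.get("Password Minimum Length") or 0) < site_min_length:
        findings.append(f"minimum length is below {site_min_length}")
    if not props.get("Password Unique Required"):
        findings.append("recent passwords can be reused")
    expires = props.get("Password Expiration Interval") is not None
    if expires and props.get("Login Grace Limit") is None:
        # This example's reading of the Limit Grace Logins description:
        # with no limit set, logins with an expired password are not capped.
        findings.append("password expires but grace logins are not limited")
    return findings

# Constructed sample data, not taken from a real tree.
SAMPLE_USERS = {
    "defaults": {"Password Required": True, "Password Minimum Length": 5,
                 "Password Expiration Interval": 90},
    "hardened": {"Password Required": True, "Password Minimum Length": 14,
                 "Password Unique Required": True,
                 "Password Expiration Interval": 90, "Login Grace Limit": 6,
                 "Login Grace Remaining": 6},
}

if __name__ == "__main__":
    for name, props in SAMPLE_USERS.items():
        print(name, audit_user(props) or "ok")
```
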