5.1 Configuring Enforce Login Restrictions

This section provides information about the following:

5.1.1 Prerequisites

  • Install NMAS™ Server 3.1.

  • Set up intruder detection for all users in the subtrees configured for the realm.

  • Set up extra login security for a user.

    For more information, refer to the Managing User Accounts section in the Novell eDirectory 8.8 Administration Guide.

  • (Conditional) If Universal Password is used as the Kerberos Password, then create and assign a password policy for users.

    Ensure that the Enable the Advanced Password Rules option in Novell iManager is enabled in the password policy at the tree, container, or user level. For more information, refer to the Managing Passwords by Using Password Policies section in the Novell Password Administration Guide.

  • Enable pre-authentication for Kerberos principals. You can enable pre-authentication at the realm or principal level. For more information, refer to the following sections:

5.1.2 Enabling Login Restrictions

You can use either of the following methods to enable the Enforce Login Restrictions feature:

Command Line

Use the following syntax to enable this feature, either when creating a realm (create) or for an existing realm (modify):

kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu -r ATHENA.MIT.EDU create -subtrees o=org -lp
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu -r ATHENA.MIT.EDU modify -lp

To disable login restrictions, use the above command with the -clearlp option.

iManager

  1. In Novell iManager, click the Roles and Tasks button.

  2. Click Kerberos Management > New Realm.

    If you are modifying the realm, click Kerberos Management > Edit Realm.

Refer to the iManager online help for more information.