PreviousNext

pwd_strengthd(8sec)

The sample Password Management Server

Synopsis

pwd_strengthd [+/-all[_spaces]] [+/-alp[ha_num]]
[-c[ache_size]] size [-d[ebug]]
[-m[in_len]] pwd_min_len [-t[imeout]] minutes
[-v[erbose]]

Options

+all
Allows passwords to be all spaces. If this option is not set, the effective registry policy is used.

-all
Prevents passwords from being all spaces. If this option is not set, the effective registry policy is used.

+alp
Allows passwords to consist only of alphanumeric characters. If this option is not set, the effective registry policy is used.

-alp
Prevents passwords from consisting only of alphanumeric characters. If this option is not set, the effective registry policy is used.

-c size
Specifies the number of hash buckets in the password cache. The password cache is used to store generated passwords that are retrieved when the password is strength checked. The password cache is a hash table with a linked list for collisions. You should set the size to a reasonable value based on the average size of the cache. The default value is 100.

-d
Runs pwd_strengthd in the foreground. Logs messages are written to standard output.

-m pwd_min_len
Specifies the minimum length of a password. If this option is not set, the effective registry policy is used.

-t minutes
Specifies the time, in minutes, that generated passwords remain in the cache before they are deleted from memory. The default time is 30 minutes.

-v
Runs in verbose mode. More detailed messages are sent to the logfile $DCELOCAL/var/security/pwd_strengthd.log. (Use of this option is recommended.)

Description

The pwd_strengthd command is a sample password management server. It exports the rsec_pwd_mgmt application programming interface.

The pwd_strengthd command generates passwords and strength-checks them. It enforces the security registry policy for password strength-checking. Administrators can override the security registry policy through the command-line options (alpha_num, all_spaces, min_len.)

Administrators can subject principals to password-strength and generation policies by attaching the following ERAs:

pwd_val_type
Specifies the password management policy the user must conform to when selecting passwords.

pwd_mgmt_binding
Specifies information required in order to connect to the password management server.

See the OSF DCE Administration Guide - Core Components for more information and examples.

Notes
You may want to enhance pwd_strengthd to support your sites policies for password strength and generation.

Related Information
Commands: passwd_export(8sec)

passwd_import(8sec)