PreviousNext

Registry-wide Policy Attributes

acctlife {relative_time | unlimited}
This registry-wide organization policy defines the lifespan of accounts. Specify the time using the DTS relative time format ([-]DD-hh:mm:ss) or the string unlimited to define and unlimited lifespan for accounts. The default is unlimited.

maxtktlife relative_time
This registry-wide account policy defines the maximum amount of time that a ticket can be valid. Specify the time using the DTS relative time format ([-]DD-hh:mm:ss). When a client requests a ticket to a server, the lifetime granted to the ticket takes into account the maxtktlife set for both the server and the client. In other words, the lifetime cannot exceed the shorter of the server's or client's maxtktlife. If you do not specify a maxtktlife for a registry, the maxtktlife defined as registry authorization policy is used. The default is

+1-00:00:00.000

maxtktrenew relative_time
This registry-wide account policy defines the amount of time before a principal's ticket-granting ticket expires and that principal must log in again to the system to reauthenticate and obtain another ticket-granting ticket. Specify the time using the DTS relative time format ([-]DD-hh:mm:ss). The lifetime of the principal's service tickets can never exceed the lifetime of the principal's ticket-granting ticket. The shorter you make this time, the greater the security of the system. However, because principals must log in again to renew their ticket-granting ticket, the time needs to take into consideration user convenience and the level of security required. If you do not specify this attribute for an account, the maxtktrenew lifetime defined as registry authorization policy is used. The default is

+28-00:00:00.000

This feature is not currently used by DCE; any use of this option is unsupported at the present time.

pwdalpha {yes | no}
This registry-wide organization policy defines whether or not passwords can consist entirely of alphanumeric characters. Its value is either yes or no. The default is yes.

pwdexpdate {ISO-timestamp | none}
This registry-wide organization policy defines a date on which a password expires. The date is entered as an internationalized date string or the string none, in which case, there is no expiration date for the password. The default is none.

pwdlife {relative_time| unlimited}
This registry-wide organization policy defines the lifespan of passwords. Specify the time using the DTS relative time format ([-]DD-hh:mm:ss) or the string unlimited. The default is unlimited.

pwdminlen integer
This registry-wide organization policy defines the minimum number of characters in a password. Its value is a positive integer or the integer 0, which means there is no minimum length. The default is 0.

pwdspaces {yes | no}
This registry-wide organization policy defines whether or not passwords can consist entirely of spaces. Its value is either yes or no. The default is no.