红帽全球峰会此内容没有您所选择的语言版本。
19.2. Viewing Password Policies
There can be multiple password policies configured in IdM. There is always a global policy, which is set when the server is created. Additional policies can be created for groups in IdM.
The UI lists all of the group password policies and the global policy on the Password Policies page.
Using the CLI, both global and group-level password policies can be viewed using the
pwpolicy-show command. The CLI can also display the password policy in effect for a user.
19.2.1. Viewing the Global Password Policy
复制链接链接已复制到粘贴板!
The global password policy is created as part of the initial IdM server setup. This policy applies to every user until a group-level password policy supersedes it.
The default settings for the global password policy are listed in Table 19.2, “Default Global Password Policy”.
| Attribute | Value |
|---|---|
| Max lifetime | 90 (days) |
| Min lifetime | 1 (hour) |
| History size | 0 (unset) |
| Character classes | 0 (unset) |
| Min length | 8 |
| Max failures | 6 |
| Failure reset interval | 60 |
| Lockout duration | 600 |
19.2.1.1. With the Web UI
复制链接链接已复制到粘贴板!
- Click the Policy tab, and then click the Password Policies subtab.
- All of the policies in the UI are listed by group. The global password policy is defined by the global_policy group. Click the group link.
- The global policy is displayed.
19.2.1.2. With the Command Line
复制链接链接已复制到粘贴板!
To view the global policy, simply run the
pwpolicy-show command with no arguments:
19.2.2. Viewing Group-Level Password Policies
复制链接链接已复制到粘贴板!
19.2.2.1. With the Web UI
复制链接链接已复制到粘贴板!
- Click the Policy tab, and then click the Password Policies subtab.
- All of the policies in the UI are listed by group. Click the name of the group which is assigned the policy.
- The group policy is displayed.
19.2.2.2. With the Command Line
复制链接链接已复制到粘贴板!
For a group-level password policy, specify the group name with the command:
19.2.3. Viewing the Password Policy in Effect for a User
复制链接链接已复制到粘贴板!
A user may belong to multiple groups, each with their own separate password policies. These policies are not additive. Only one policy is in effect at a time and it applies to all password policy attributes. To see which policy is in effect for a specific user, the
pwpolicy-show command can be run for a specific user. The results also show which group policy is in effect for that user.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}