Managing the Password Policy
268 Netscape Directory Server Administrator’s Guide • August 2002

Setting User Passwords

An entry can be used to bind to the directory only if it has a userpassword attribute and if it has not been inactivated. Because user passwords are stored in the directory, you can use whatever LDAP operation you normally use to update the directory to set or reset the user passwords.

Table 7-1 Password Policy Attributes (Continued)

Attribute Name
    Definition

passwordHistory
    This attribute indicates whether the directory stores a password history. When set to on, the directory stores the number of passwords you specify in the passwordInHistory attribute in a history. If a user attempts to reuse one of the passwords, the password will be rejected.
    When you set this attribute to off, any passwords stored in the history remain there. When you set this attribute back to on, users will not be able to reuse the passwords recorded in the history before you disabled the attribute.
    This attribute is off by default, meaning users can reuse old passwords.

passwordInHistory
    This attribute indicates the number of passwords the directory stores in the history. You can store from 2 to 24 passwords in the history. This feature is not enabled unless the passwordHistory attribute is set to on.
    This attribute is set to 6 by default.

passwordStorageScheme
    This attribute specifies the type of encryption used to store Directory Server passwords. The following encryption types are supported by Directory Server:
    • SSHA (Salted Secure Hash Algorithm). This method is recommended, as it is the most secure. This is the default method.
    • SHA (Secure Hash Algorithm). A one-way hash algorithm that is the default encryption schema in Directory Server 4.x.
    • crypt. The UNIX crypt algorithm, provided for compatibility with UNIX passwords.
    • clear. This encryption type indicates that the password will appear in plain text.
    Note that passwords stored using crypt, SHA, or SSHA formats cannot be used for secure login through SASL Digest MD5.
    If you want to provide your own customized storage scheme, consult Netscape Professional Services.
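
The difference between the SHA and SSHA values of passwordStorageScheme, shown as an added example that is not part of the original guide or of Directory Server's own code. It assumes the usual layout of these values ({SHA} is the base64 of the SHA-1 digest; {SSHA} is the base64 of SHA-1(password + salt) followed by the salt); the function names and the 8-byte salt length are choices made for this example.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size in bytes


def make_sha(password: str) -> str:
    """{SHA}: base64 of the unsalted SHA-1 digest."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def make_ssha(password: str, salt: bytes = None) -> str:
    """{SSHA}: base64 of SHA-1(password + salt) followed by the salt."""
    salt = os.urandom(8) if salt is None else salt  # salt length is an assumption
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def scheme_of(stored: str) -> str:
    """Return the storage scheme named by the {prefix}, or 'clear' if none."""
    if stored.startswith("{") and "}" in stored:
        return stored[1:stored.index("}")].lower()
    return "clear"


def verify(password: str, stored: str) -> bool:
    """Check a candidate password against a {SHA} or {SSHA} value."""
    scheme = scheme_of(stored)
    if scheme not in ("sha", "ssha"):
        raise ValueError("unsupported scheme in this example: " + scheme)
    raw = base64.b64decode(stored[stored.index("}") + 1:])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]  # salt is empty for {SHA}
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    pw = "Example-Passw0rd"  # constructed sample value
    print(make_sha(pw), make_sha(pw))    # identical values: no salt
    print(make_ssha(pw), make_ssha(pw))  # different values: random salt
    print(verify(pw, make_ssha(pw)), verify("wrong", make_ssha(pw)))
```

Two users with the same password get identical {SHA} values but different {SSHA} values, so a precomputed digest list matches only the unsalted form. Because crypt, SHA and SSHA values are one-way, the server cannot recover the clear password that SASL Digest MD5 needs, which is the restriction noted in the table.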