Managing the Password Policy270 Netscape Directory Server Administrator’s Guide • August 20026. Set the interval you want users to be locked out of the directory.Select the Lockout Forever radio button to lock users out until their passwordshave been reset by the administrator.Set a specific lockout period by selecting the Lockout duration radio buttonand entering the time (in minutes) in the text box.7. When you have finished making changes to the account lockout policy, clickSave.Configuring the Account Lockout Policy Using the Command LineThis section describes the attributes you set to create an account lockout policy toprotect the passwords stored in your server. Use ldapmodify to change theseattributes in the cn=config entry.Table 7-2 describes the attributes you can use to configure your account lockoutpolicy.Table 7-2 Account Lockout Policy AttributesAttribute Name DefinitionpasswordLockout This attribute indicates whether users are locked out of the directoryafter a given number of failed bind attempts. You set the number offailed bind attempts after which the user will be locked out using thepasswordMaxFailure attribute.You can lock users out for a specific time or until an administratorresets the password.This attribute is set to off by default, meaning that users will not belocked out of the directory.passwordMaxFailure This attribute indicates the number of failed bind attempts after whicha user will be locked out of the directory.This attribute takes affect only if the passwordLockout attribute isset to on.This attribute is set to 3 bind failures by default.passwordLockoutDuration This attribute indicates the time, in seconds, that users will be lockedout of the directory. You can also specify that a user is lock out untiltheir password is reset by an administrator using thepasswordUnlock attribute.By default, the user is locked out for 3600 second.