9.1.9.3. Authenticator Management

Authenticator strength is enforced using slapo-ppolicy overlay for LDAP. The ppolicy overlay is then configured to use PAM cracklib to enforce complexity.

For the default password complexity rules see the What is the Password Complexity for SIMP? FAQ.

The integration point between the remote LDAP server and PAM is the pam_ldap pam module. SIMP configures pam_ldap to point to the SIMP LDAP server and communicates using TLS.

References: IA-5 (1)(a), IA-5 (1)(e)