Policy Settings
Define the following settings for a password policy on the Password tab.
|
Property |
Meaning |
|---|---|
|
Initial password |
Initial password for new user accounts. If no password is given when the user account is added or a random password is generated, the initial password is used. |
|
Password confirmation |
Reconfirm password. |
|
Min. Length |
Minimum length of the password. Specify the number of characters a password must have. |
|
Max. length |
Maximum length of the password. Specify the number of characters a password can have. |
|
Max. errors |
Maximum number of errors. Set the number of invalid passwords. If the user has reached this number the user account is blocked. |
|
Validity period |
Maximum age of the password. Enter the length of time a password can be used before it expires. |
|
Password history |
Enter the number of passwords to be saved. If the value '5' is entered, for example, the last 5 passwords of the user are saved. |
|
Min. password strength |
Specifies how secure the password must be. The higher the password strength, the more secure it is. The password strength is not tested if the value is '0'. The values '1', '2', '3' and '4' gauge the required complexity of the password. The value '1' demands the least complex password. The value '4' demands the highest complexity. |
|
Name properties denied |
Specifies whether name properties are permitted in the password. |
Character Sets for Passwords
Use the Character classes tab to specify which characters are permitted for a password.
|
Property |
Meaning |
|---|---|
|
Min. letters |
Specifies the minimum number of alphabetical characters the password must contain. |
|
Min. number lower case |
Specifies the minimum number of lowercase letters the password must contain. |
|
Min. number uppercase |
Specifies the minimum number of uppercase letters the password must contain. |
|
Min. number digits |
Specifies the minimum number of digits the password must contain. |
|
Min. number special characters |
Specifies the minimum number of special characters the password must contain. |
|
Permitted special characters |
List of permitted characters. |
|
Denied special characters |
List of characters, which are not permitted. |
|
Max. identical characters in total |
Maximum number of identical characters that can be present in the password in total. |
|
Max. identical characters in succession |
Maximum number of identical character that can be repeated after each other. |
Custom Scripts for Password Requirements
You can implement custom scripts for testing and generating password if the password requirements cannot be mapped with the existing settings options. Scripts are applied in addition to the other settings.
Detailed information about this topic
Script for Checking a Password
You can implement a check script if additional policies need to be used for checking a password, which cannot be mapped with the available settings.
Syntax for Check Scripts
Public Sub CCC_CustomPwdValidate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)
With parameters:
policy = password policy object
spwd = password to test
|
|
TIP: To use a base object, take the property Entity of the PasswordPolicy class. |
Example for a script for testing a password
A password cannot have '?' or '!' at the beginning. The script checks a given password for validity.
Public Sub CCC_PwdValidate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)
Dim pwd = spwd.ToInsecureArray()
If pwd.Length>0
If pwd(0)="?" Or pwd(0)="!"
Throw New Exception(#LD("Password can't start with '?' or '!'")#)
End If
End If
If pwd.Length>2
If pwd(0) = pwd(1) AndAlso pwd(1) = pwd(2)
Throw New Exception(#LD("Invalid character sequence in password")#)
End If
End If
End Sub
To use a custom script for checking a password
- Create your script in the category Script Library in the Designer.
- Edit the password policy.
-
Select the category Manager | Basic configuration data | Password policies in the LDAP.
- Select the password policy in the result list.
- Select Change master data in the task view.
- Enter the name of the script to test the password in Check script on the Scripts tab.
- Save the changes.
-