You can implement custom scripts for testing and generating passwords if the password requirements cannot be mapped with the existing settings options. Scripts are applied in addition to the other settings.
You can implement custom scripts for testing and generating passwords if the password requirements cannot be mapped with the existing settings options. Scripts are applied in addition to the other settings.
You can implement a script if additional policies need to be used for checking a password that cannot be mapped with the available settings.
Public Sub CCC_CustomPwdValidate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)
With parameters:
policy = password policy object
spwd = password to check
TIP: To use a base object, take the Entity property of the PasswordPolicy class.
A password cannot start with ? or ! . The password cannot start with three identical characters. The script checks a given password for validity.
Public Sub CCC_PwdValidate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)
Dim pwd = spwd.ToInsecureArray()
If pwd.Length>0
If pwd(0)="?" Or pwd(0)="!"
Throw New Exception(#LD("Password can't start with '?' or '!'")#)
End If
End If
If pwd.Length>2
If pwd(0) = pwd(1) AndAlso pwd(1) = pwd(2)
Throw New Exception(#LD("Invalid character sequence in password")#)
End If
End If
End Sub
To use a custom script for checking a password
In the Designer, create your script in the Script Library category.
Edit the password policy.
In the Manager, select the Unix > Basic configuration data > Password policies category.
In the result list, select the password policy.
Select the Change main data task.
On the Scripts tab, enter the name of the script to be used to check a password in the Check script field.
Save the changes.
You can implement a generating script if additional policies need to be used for generating a random password, which cannot be mapped with the available settings.
Public Sub CCC_PwdGenerate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)
With parameters:
policy = password policy object
spwd = generated password
TIP: To use a base object, take the Entity property of the PasswordPolicy class.
In random passwords, this script replaces the invalid characters ? and ! at the beginning of a password with _.
Public Sub CCC_PwdGenerate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)
Dim pwd = spwd.ToInsecureArray()
' replace invalid characters at first position
If pwd.Length>0
If pwd(0)="?" Or pwd(0)="!"
spwd.SetAt(0, CChar("_"))
End If
End If
End Sub
To use a custom script for generating a password
In the Designer, create your script in the Script Library category.
Edit the password policy.
In the Manager, select the Unix > Basic configuration data > Password policies category.
In the result list, select the password policy.
Select the Change main data task.
On the Scripts tab, enter the name of the script to be used to generate a password in the Generating script field.
Save the changes.
You can add words to a list of restricted terms to prohibit them from being used in passwords.
NOTE: The restricted list applies globally to all password policies.
To add a term to the restricted list
In the Designer, select the Base data > Security settings > Password policies category.
Create a new entry with the Object > New menu item and enter the term you want to exclude from the list.
Save the changes.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center