Configuring Password Policy

The Password Policy is defined in a YAML text file. The policy to use is set with the --password-policy startup option. For example:

CODE

run server / <run-options> / --password-policy pwdpol <other-options>

In this case, PWDPOL is the name of the Password Policy YAML configuration file.

This is an example policy file:

CODE

PasswordPolicyConfig:
  monitorInterval: 15
  loginOptions:
    maxFailures: 5
  passwordOptions:
    minLength: 8
    maxLength: 12           # Absolute maximum is 64
    special: true           # at least one special character
    digit: true             # at least one numeric digit
    upper: true             # at least one uppercase letter
    lower: true             # at least one lowercase letter
    firstMustBeLetter: false # first character must be alpha
  version: 1

Element	Value	Notes

Element	Value	Notes
`monitorInterval`	How often, in seconds, to check for a change in the YAML configuration file.	Values: `5` - `65535` Default: `5`
`maxFailures`	The allowed maximum number of login failures before the account is disabled (locked). Disabled accounts must be manually enabled.	Values: `1` - `60` Default: `5`
`minLength`	The minimum length for a password.	Values: `1` - `64` Default: `1`
`maxLength`	The maximum length for a password.	Values: `1` - `64` Default: `64` Must be greater than `minLength`.
`special`	Password must have at least one special character?	Values: `true`, `false`. Default: `false`
`digit`	Password must have at least one numeric digit.	Values: `true`, `false`. Default: `false`
`upper`	Password must have at least one uppercase alphabetic character.	Values: `true`, `false`. Default: `false`
`lower`	Password must have at least one lowercase alphabetic character.	Values: `true`, `false`. Default: `false`
`firstMustBeLetter`	The first character of the password must be an uppercase or lowercase alphabetic character.	Values: `true`, `false`. Default: `false`