Fix Pack 8

Password Policy

Password policy is a set of rules that controls how passwords are used and administered in TADDM. These rules are made to ensure that users change their passwords periodically, and that the passwords meet the organization's syntactic password requirements.

TADDM 7.3.0.8 provides the ability to define password policies with password strength rules that are used to determine whether a new password is valid.

A password strength rule is a rule to which a password must conform, such as the minimum length of the password, and the number of different types of characters allowed and disallowed. You can specify the standards and rules for passwords, for example:

Minimum of 15 characters in length

Must have at least two of the following character types:
  • Uppercase
  • Lowercase
  • Numeric
  • Special characters
Important: The following password policy properties must be configured in the collation.properties file on the primary storage server and on all the discovery servers. Make sure that the configured values for the password policy properties are the same on all the servers.
  • To enable the password policy, set the following property to 'true'. By default it is 'false', which means that the password policy is disabled.
    com.collation.passwordpolicy=false
  • To change the minimum length of the password, in characters, change the following property. The default value is 15.
    com.collation.passwordpolicy.minlength=15
  • To set the minimum number of character types (uppercase, lowercase, numeric, or special characters) that the password must contain, change the following property. The default value is 2.
    com.collation.passwordpolicy.MinCharTypes=2
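
One way to audit the requirement above, as an added example that is not IBM's or TADDM's own code: the Python below parses the text of each server's collation.properties, reports the policy properties whose values differ between servers, and checks a candidate password against the length and character-type rules. The function names and server names are hypothetical and the sample file contents are constructed; treating any non-alphanumeric character as "special" and the enable flag as case-insensitive are assumptions.

```python
# Defaults as documented on this page.
DEFAULTS = {
    "com.collation.passwordpolicy": "false",
    "com.collation.passwordpolicy.minlength": "15",
    "com.collation.passwordpolicy.MinCharTypes": "2",
}

def read_policy(text):
    """Extract the three policy properties from collation.properties text."""
    policy = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue  # blank line, comment, or not key=value
        key, value = (part.strip() for part in line.split("=", 1))
        if key in DEFAULTS:
            policy[key] = value  # a later occurrence overrides an earlier one
    return policy

def find_drift(servers):
    """Return {property: {server: value}} for properties that differ between servers."""
    policies = {name: read_policy(text) for name, text in servers.items()}
    drift = {}
    for key in DEFAULTS:
        values = {name: p[key] for name, p in policies.items()}
        if len(set(values.values())) > 1:
            drift[key] = values
    return drift

def complies(password, policy):
    """Apply the minimum-length and character-type rules to a candidate password."""
    # Assumption: the flag is compared case-insensitively.
    if policy["com.collation.passwordpolicy"].lower() != "true":
        return True  # policy disabled: nothing is enforced
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),  # assumption: "special" = non-alphanumeric
    ]
    return (len(password) >= int(policy["com.collation.passwordpolicy.minlength"])
            and sum(classes) >= int(policy["com.collation.passwordpolicy.MinCharTypes"]))

# Constructed sample input: one storage server and two discovery servers.
SAMPLE = {
    "storage1": "com.collation.passwordpolicy=true\ncom.collation.passwordpolicy.minlength=15\n",
    "disc1": "# policy\ncom.collation.passwordpolicy=true\ncom.collation.passwordpolicy.minlength=12\n",
    "disc2": "com.collation.passwordpolicy.minlength=15\n",
}
```

With the constructed sample, `find_drift(SAMPLE)` flags the enable flag (disc2 falls back to the default 'false') and the minimum length (disc1 is set to 12).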

Once the password policy is configured, new passwords must comply with it. Currently, by default, a password expires 90 days from the date on which it is changed, either by the user or by the administrator, or on which a new user is created by the administrator.

Note:
  • This password policy applies only to the TADDM file-based repository authentication. For more details, refer to Planning for security.
  • This password policy does not apply to internal users (_topomgr, _discmgr, _pfm).
  • Existing passwords and their expiry dates do not change until the users, administrators, or operators change their passwords at least once after the new password policy is configured.