Enabling password policy for platform users

If you are running IAS version 1.0.11.1 or later, you can enable a password policy for platform users from the internal LDAP server.

About this task

Note: When password policy is enabled on the system, it applies to all existing users. Any user whose password has exceeded the maximum number of days defined in the password policy is prompted to change it at their next login.

Procedure

  1. Log in to the appliance as apuser or an equivalent member of the ibmapadmin OS group.
  2. Run ap_ldap_ppolicy.pl setdefault to set the default password policy for platform users.
    Usage:
    ap_ldap_ppolicy.pl setdefault
    
    WARNING:This operation enforces default password policy for Internal LDAP
    platform users
    
    Do you want to go ahead with enable operation? (yes/no)?yes
    Successfully enabled password policy for internal LDAP directory.
    

Results

The setdefault option sets the password policy and complexity attributes to the values shown in the following listpolicy output:
ap_ldap_ppolicy.pl listpolicy

+----------------------------------------------------------------+
| Internal LDAP Password Policy                                  |
+----------------------------------------+-------------+---------+
| Password Policy Attribute              | Value       | Unit    |
+----------------------------------------+-------------+---------+
| pwdMaxAge                              | 90          | Days    |
| pwdExpireWarning                       | 10          | Days    |
| pwdInHistory                           | 5           |         |
| pwdMaxFailure                          | 5           |         |
| pwdLockout                             | TRUE        |         |
| pwdLockoutDuration                     | 1800        | Seconds |
| pwdFailureCountInterval                | 900         | Seconds |
| pwdMustChange                          | TRUE        |         |
| pwdAllowUserChange                     | TRUE        |         |
| pwdSafeModify                          | FALSE       |         |
+----------------------------------------+-------------+---------+
| Password Complexity Attribute          | Value       | Unit    |
+----------------------------------------+-------------+---------+
| pwdMinLength                           | 15          | Chars   |
| pwdMinUppercase                        | 1           | Chars   |
| pwdMinLowercase                        | 1           | Chars   |
| pwdMinDigits                           | 1           | Chars   |
| pwdMinSpecialchars                     | 1           | Chars   |
| pwdMinDiffCharsfromOld                 | 8           | Chars   |
| pwdMaxRepeatChar                       | 3           | Chars   |
| pwdMaxclassChars                       | 4           | Chars   |
| pwdMinclasses                          | 4           | Chars   |
+----------------------------------------+-------------+---------+
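
An added example, not part of the IBM documentation: a shell function that reads listpolicy output on stdin and reports every attribute that differs from the setdefault values in the table above, so drift from the default policy can be checked after later changes. The names ppolicy_drift, BASELINE and sample_rows are hypothetical, and the code assumes listpolicy prints the table layout shown on this page.

```shell
#!/bin/sh
# Added example (not IBM code): compare `ap_ldap_ppolicy.pl listpolicy`
# output, read on stdin, with the setdefault values documented on this page.

BASELINE='pwdMaxAge=90 pwdExpireWarning=10 pwdInHistory=5 pwdMaxFailure=5
pwdLockout=TRUE pwdLockoutDuration=1800 pwdFailureCountInterval=900
pwdMustChange=TRUE pwdAllowUserChange=TRUE pwdSafeModify=FALSE
pwdMinLength=15 pwdMinUppercase=1 pwdMinLowercase=1 pwdMinDigits=1
pwdMinSpecialchars=1 pwdMinDiffCharsfromOld=8 pwdMaxRepeatChar=3
pwdMaxclassChars=4 pwdMinclasses=4'

# Prints one "attr expected=X actual=Y" line per deviation.
# Exit status: 0 if every attribute matches, 1 on any drift or missing row.
ppolicy_drift() {
    awk -v baseline="$(echo $BASELINE)" '
        BEGIN {
            n = split(baseline, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                order[i] = kv[1]; want[kv[1]] = kv[2]
            }
            FS = "|"
        }
        NF >= 4 {                      # data row: | name | value | unit |
            name = $2; val = $3
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name in want) seen[name] = val
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                actual = (k in seen) ? seen[k] : "MISSING"
                if (actual != want[k]) {
                    print k " expected=" want[k] " actual=" actual
                    bad = 1
                }
            }
            exit bad + 0
        }'
}

# Constructed sample: two rows in the listpolicy layout, one weakened.
sample_rows() {
    printf '%s\n' \
        '| pwdMaxAge                              | 90          | Days    |' \
        '| pwdMinLength                           | 8           | Chars   |'
}

# Usage on the appliance: ap_ldap_ppolicy.pl listpolicy | ppolicy_drift
```

Empty input, for example when the command fails, reports every attribute as MISSING and returns 1, so the check fails closed.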