Sample passwordPolicy.xml files

You can use the following sample password policy files when creating your own passwordPolicy.xml file.

Refer to Implementing password policies and see the note about the minimal password policy requirement which is enforced, regardless of passwordPolicy.xml settings.

The following example requires that passwords contain uppercase letters, numbers, and special characters.

<!-- all nested elements are optional, so an empty password policy is valid -->
<passwordPolicy>
	<!-- available for Release 2 -->
	<matchingPatterns>
		<minLength>0</minLength>		<!-- Omission means that there is no limit -->
		<maxLength>64</maxLength>		<!-- Omission means that there is no limit -->
		<required>3</required> 			<!-- this number must be less than or equal to the 
		# patterns listed below -->
		<patterns>
			<!-- <pattern>[a-z]</pattern> -->	<!-- patterns are Java regex patterns that 
			must match -->
			<pattern>[A-Z]</pattern>
			<pattern>[0-9]</pattern>
			<pattern>\W</pattern> 		<!-- a regex which means special characters -->
		</patterns>
	</matchingPatterns>
	<nonMatchingPatterns>		<!-- password patterns to exclude -->
		<!-- <patterns> -->
		<!-- <pattern></pattern> -->
		<!-- passwords which match these patterns are not allowed -->
		<!-- </patterns> -->
	</nonMatchingPatterns>
</passwordPolicy>

The following example requires that passwords contain lowercase and uppercase letters, numbers, and exclude special characters.

<passwordPolicy>
  <matchingPatterns>
    <minLength>3</minLength>
    <maxLength>64</maxLength>
    <required>3</required>
    <patterns>
       <pattern>[a-z]</pattern>
       <pattern>[A-Z]</pattern>
       <pattern>[0-9]</pattern>
       <!--   <pattern>\W</pattern> -->
    </patterns>
  </matchingPatterns>
  <nonMatchingPatterns>		
    <patterns>
       <pattern>\W</pattern>
    </patterns>
  </nonMatchingPatterns>
</passwordPolicy>

The following example requires that passwords be a minimum of 8 characters, a maximum of 64 characters, and contain at least 3 of the following patterns:

  • lowercase letters
  • uppercase letters
  • numbers
  • special characters

Also, this example does not allow three consecutive characters in the password. 

<passwordPolicy>
  <matchingPatterns>
    <minLength>8</minLength>
    <maxLength>64</maxLength>
    <required>3</required>
    <patterns>
      <pattern>[a-z]</pattern>
      <pattern>[A-Z]</pattern>
      <pattern>[0-9]</pattern> 
      <pattern>\W</pattern>
     </patterns>
</matchingPatterns>
<nonMatchingPatterns>
     <patterns>
      <pattern>(.)\1\1</pattern>
    </patterns>
  </nonMatchingPatterns>
</passwordPolicy>