User password policy for local platform users

The appliance administrator can configure a password policy for platform users on IAS according to the organization's policy. Once such a policy is defined, it controls authentication for those users.

Note: The password complexity and policy settings are applicable only to platform users added using NodeOS utility and are not applicable to external LDAP/Windows AD authenticated users.

The appliance administrator can use the NodeOS utility ap_ldap_ppolicy.pl on the appliance to configure the password policy for platform user authentication.

The ap_ldap_ppolicy.pl utility operates on two sets of policy attributes:
  • Password policy attributes, for example, the number of days after which the password expires and the allowed number of failed login attempts.
  • Password complexity attributes, for example, password length and required special characters.
If the utility is not used to define the policy, then the following default settings apply:
  • The appliance does not have any password policy attribute rules defined or applied. Undefined attributes have a value of zero (0) or are not present. To use the default password policy values, you must enable these attributes explicitly by using the ap_ldap_ppolicy.pl setdefault operation.
  • The appliance has password complexity attributes set to the following default values:
    • Minimum 15 characters;
    • At least one uppercase letter, one lowercase letter, one number, and one special character;
    • No more than four characters of the same class;
    • A minimum of eight characters that differ from the current password, and no more than 3 occurrences of the same character.
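
The default complexity values listed above can be pre-checked before a password is set. The following is an added example, not code from the appliance or from ap_ldap_ppolicy.pl, and it does not show how the appliance itself evaluates passwords. Assumptions: the same-class limit applies to consecutive characters, "different characters" counts characters of the new password that do not occur in the current one, and any character that is not an ASCII letter or digit is treated as special.

```python
import string
from collections import Counter

# Default complexity values as listed on this page.
MIN_LENGTH = 15
MAX_CLASS_RUN = 4     # assumption: limit applies to consecutive characters of one class
MIN_DIFFERENT = 8     # assumption: characters of the new password absent from the current one
MAX_OCCURRENCES = 3

def char_class(ch):
    """Classify a character; anything that is not an ASCII letter or digit is special (assumption)."""
    if ch in string.ascii_uppercase:
        return "upper"
    if ch in string.ascii_lowercase:
        return "lower"
    if ch in string.digits:
        return "digit"
    return "special"

def longest_class_run(password):
    """Length of the longest run of consecutive characters from the same class."""
    longest = run = 0
    previous = None
    for ch in password:
        cls = char_class(ch)
        run = run + 1 if cls == previous else 1
        longest = max(longest, run)
        previous = cls
    return longest

def check_password(new, current=None):
    """Return the names of the default rules that `new` violates (empty list = compliant)."""
    violations = []
    if len(new) < MIN_LENGTH:
        violations.append("length")
    present = {char_class(ch) for ch in new}
    for cls in ("upper", "lower", "digit", "special"):
        if cls not in present:
            violations.append(cls)
    if longest_class_run(new) > MAX_CLASS_RUN:
        violations.append("class_run")
    if new and max(Counter(new).values()) > MAX_OCCURRENCES:
        violations.append("occurrences")
    if current is not None:
        if sum(1 for ch in new if ch not in current) < MIN_DIFFERENT:
            violations.append("different")
    return violations

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for candidate in ("Tr4il!Mix9#Rope2$Zq", "password1234567"):
        print(candidate, check_password(candidate))
```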

ap_ldap_ppolicy.pl utility

There are four options that you can use ap_ldap_ppolicy.pl for:
  • setdefault: Set default password policy for internal LDAP platform users
  • disable: Disable password policy for internal LDAP platform users
  • listpolicy: View current password policy for internal LDAP platform users
  • update: Update password policy for internal LDAP platform users
For more information on the exact parameters that can be set, see Password policy parameters.