Enabling password strength validation

Edit online

The password strength validation module is disabled by default. You must enable it before you can validate whether a new password meets the configured criteria.

Procedure

Access the local management interface to configure an XSLT rules file to define the password strength rules. The following steps use password-rules.xslt as an example.
Select Web > Global Settings > Password Strength from the top menu. The Password Strength management page displays.
Take one of the following actions:
- If rules files exist, select the file that you want to enable, such as password-rules.xslt, from the available list of File Names.
- If no rules files exist:
  1. Click New to create a new rules file.
  2. Enter a name for the new file such as password-rules.xslt.
  3. Click Save. The system generates a new file that is based on the default template.
Click Edit.
Update the file to reflect the rules you want to set.
Click Save.
Access the WebSEAL configuration file for your instance.
Update the [password-strength] stanza in the WebSEAL configuration file as follows:
```
[password-strength]
rules-file = file 
debug-level = level
```
where:

file

Specifies the name of the rules file for the password strength validation module.

level

Controls the trace level for the module.
```
[password-strength]  
rules-file = password-rules.xslt
debug-level = 5
```
Note: The level variable indicates the trace level; 1 designates a minimal amount of tracing, and 9 designates the maximum. The Verify Identity Access pdadmin trace command also modifies the trace level by using the trace component name of pd.cas.pwdstrength. This trace component is only available after the first change password operation is processed.