An administrator can add a customized minimum password
age rule to limit users from changing the password on their account.
For example, you might want to specify the minimum time, in hours,
for a password change on your account before you can change it again.
Before you begin
Depending on how your system administrator customized your system, you might not
have access to this task. To obtain access to this task or to have someone complete it for you,
contact your system administrator.
Ensure that IBM® Security Identity Manager is installed.
About this task
Run the following procedure to configure and enable this
rule in your environment.
If you are on a clustered environment,
then repeat the following procedure on each node of the cluster. The
procedure configures and enables this rule in your environment.
Note: By default, this rule is disabled.
Procedure
- Stop WebSphere® Application Server.
- Change to the directory where the passwordrules.properties file is located.
For example: $ISIM_HOME/data.
- Uncomment the following property in passwordrules.properties files to enable the new rule:
password.rule.com.ibm.passwordrules.standard.MinAgeConstraint=true
The
Minimum Password Age
label is added in the
$ISIM_HOME/data/CustomLabels.properties file.
Note: ISIM_HOME is the directory where Security Identity Manager is
installed.
- Optional: Complete these steps if a language
pack is installed, or if the
com.ibm.passwordrules.standard.MinAgeConstraint
key is not assigned a label in the CustomLabels_nn.properties file:
- Edit the appropriate $ISIM_HOME/data/CustomLabels_nn.properties file
if a language pack is installed.
nn is a two letter language code. For example, en for English
.
- Add the following line at the end of the file with appropriate
messages for that language. Add the line after you replace the text
on the right of the equals “=” sign.
For example:
com.ibm.passwordrules.standard.MinAgeConstraint
=Minimum Password Age
Do not change the English text on
the left of the equals “=” sign.
- Change to the
directory where the tmsMessages.properties file
is located.
For example: $ISIM_HOME/data.
- Back up the tmsMessages.properties file.
- Using any text
editor, open the tmsMessages.properties file.
- Add the following
message at the end of the tmsMessages.properties file.
For example:
com.ibm.passwordrules.MinAgeConstraint.MIN_AGE_VIOLATED
=Attempting to set the password within minimum age of password.
If you violate the rule, this message displays
on the IBM Security Identity Manager Console.
- Save the tmsMessages.properties file and close the editor.
Note: Repeat Steps
5,
6,
7,
8, and
9 to edit the
tmsMessages_nn.properties file for the language packs that you installed.
- Start WebSphere Application Server.
Results
The Rule tab on the Manage
Password Policies page displays the Minimum
Password Age rule.
What to do next
Specify appropriate values for the minimum password age.