Adding a customized minimum password age rule

An administrator can add a customized minimum password age rule to limit users from changing the password on their account. For example, you might want to specify the minimum time, in hours, for a password change on your account before you can change it again.

Before you begin

Depending on how your system administrator customized your system, you might not have access to this task. To obtain access to this task or to have someone complete it for you, contact your system administrator.

Ensure that IBM® Security Identity Manager is installed.

About this task

Run the following procedure to configure and enable this rule in your environment.

If you are on a clustered environment, then repeat the following procedure on each node of the cluster. The procedure configures and enables this rule in your environment.
Note: By default, this rule is disabled.

Procedure

  1. Stop WebSphere® Application Server.
  2. Change to the directory where the passwordrules.properties file is located.
    For example: $ISIM_HOME/data.
  3. Uncomment the following property in passwordrules.properties files to enable the new rule: 
    password.rule.com.ibm.passwordrules.standard.MinAgeConstraint=true
    The Minimum Password Age label is added in the $ISIM_HOME/data/CustomLabels.properties file.
    Note: ISIM_HOME is the directory where Security Identity Manager is installed.
  4. Optional: Complete these steps if a language pack is installed, or if the com.ibm.passwordrules.standard.MinAgeConstraint key is not assigned a label in the CustomLabels_nn.properties file:
    1. Edit the appropriate $ISIM_HOME/data/CustomLabels_nn.properties file if a language pack is installed.
      nn is a two letter language code. For example, en for English.
    2. Add the following line at the end of the file with appropriate messages for that language. Add the line after you replace the text on the right of the equals “=” sign.
      For example:
      com.ibm.passwordrules.standard.MinAgeConstraint
=Minimum Password Age
      Do not change the English text on the left of the equals “=” sign.
  5. Change to the directory where the tmsMessages.properties file is located.
    For example: $ISIM_HOME/data.
  6. Back up the tmsMessages.properties file.
  7. Using any text editor, open the tmsMessages.properties file.
  8. Add the following message at the end of the tmsMessages.properties file.
    For example: 
    com.ibm.passwordrules.MinAgeConstraint.MIN_AGE_VIOLATED
=Attempting to set the password within minimum age of password.
    If you violate the rule, this message displays on the IBM Security Identity Manager Console.
  9. Save the tmsMessages.properties file and close the editor.
    Note: Repeat Steps 5, 6, 7, 8, and 9 to edit the tmsMessages_nn.properties file for the language packs that you installed.
  10. Start WebSphere Application Server.

Results

The Rule tab on the Manage Password Policies page displays the Minimum Password Age rule.

What to do next

Specify appropriate values for the minimum password age.