142 Fabric OS Administrator’s Guide
53-1002745-02
Password policies
5
• Punctuation
Specifies the minimum number of punctuation characters that must appear in the password.
All printable, non-alphanumeric punctuation characters except the colon ( : ) are allowed. The
default value is zero. The maximum value must be less than or equal to the MinLength value.
• MinLength
Specifies the minimum length of the password. The minimum can be from 8 to 40 characters.
New passwords must be between the minimum length specified and 40 characters. The
default value is 8. The maximum value must be greater than or equal to the MinLength value.
• Repeat
Specifies the length of repeated character sequences that will be disallowed. For example, if
the “repeat” value is set to 3, a password “passAAAword” is disallowed because it contains the
repeated sequence “AAA”. A password of “passAAword” would be allowed because no repeated
character sequence exceeds two characters. The range of allowed values is 1 through 40. The
default value is 1.
• Sequence
Specifies the length of sequential character sequences that will be disallowed. A sequential
character sequence is defined as a character sequence in which the ASCII value of each
contiguous character differs by one. The ASCII value for the characters in the sequence must
all be increasing or decreasing. For example, if the “sequence” value is set to 3, a password
“passABCword” is disallowed because it contains the sequence “ABC”. A password of
“passABword” would be allowed because it contains no sequential character sequence
exceeding two characters. The range of allowed values is 1 through 40. The default value is 1.
When set to 1, sequential characters are not enforced.
Example of a password strength policy
The following example shows a password strength policy that requires passwords to contain at
least 3 uppercase characters, 4 lowercase characters, and 2 numeric digits; the minimum
length of the password is 9 characters.
> passwdcfg --set -uppercase 3 -lowercase 4 -digits 2 -minlength 9
Password history policy
The password history policy prevents users from recycling recently used passwords, and is enforced
across all user accounts when users are setting their own passwords. The password history policy is
enforced only when a new password is defined.
Specify the number of past password values that are disallowed when setting a new password. Allowable
password history values range between 0 and 24. If the value is set to 0, it means that the new password
cannot be set to the current password, but can be set to the most recent password. The default value
is 1, which means the current and one previous password cannot be reused. The value 2 indicates that
the current and the two previous passwords cannot be used (and so on, up to 24 passwords).
This policy does not verify that a new password meets a minimal standard of difference from prior
passwords; rather, it only determines whether or not a newly specified password is identical to one
of the specified number (1–24) of previously used passwords.
The password history policy is not enforced when an administrator sets a password for another
user; instead, the user’s password history is preserved and the password set by the administrator
is recorded in the user’s password history.
To Next Page
Loading...
Need help?
General