Password policy definition file
Format
[JP1_DEFAULT\JP1BASE\PASSWDPOLC]
"ENABLE"=dword:{00000000 | 00000001}
"PASSWD_LEN_MIN"=dword:hexa-decimal-number
"NUM_OF_CHAR_TYPE_MIN"=dword:hexa-decimal-number
"REQ_CHAR_TYPE"=character-type
Parameters by type
- Required parameters:
  None
- Custom parameters:
  - ENABLE
  - PASSWD_LEN_MIN
  - NUM_OF_CHAR_TYPE_MIN
  - REQ_CHAR_TYPE
File name
jp1bs_passwdpolc.conf
Storage destination directory
- In Windows:
  installation-folder\conf\passwdpolc\
  shared-folder\jp1base\conf\passwdpolc\ (in a cluster system)
- In UNIX:
  /etc/opt/jp1base/conf/passwdpolc/
  shared-directory/jp1base/conf/passwdpolc/ (in a cluster system)
Description
Defines the common definition information that sets a password policy on the authentication server. If a secondary authentication server is installed, this file must be set on both the primary authentication server and the secondary authentication server.
If a password policy check is enabled, the authentication server determines that a password is valid if the password satisfies all the conditions set out by the policy items.
When setting this file on a logical host, you must set it on both the primary node and the secondary node. In this case, change JP1_DEFAULT of [JP1_DEFAULT\JP1BASE] to the logical host name.
Application of settings
When the jbssetcnf command is executed, the contents of the password policy definition file (jp1bs_passwdpolc.conf) are added to the common definition information. For details on the jbssetcnf command, see jbssetcnf in 15. Commands.
The definitions take effect when JP1/Base (the authentication server) starts.
Definition details
The following conventions apply to entries in the password policy definition file.
- Do not enter a space or tab before or after an equal sign (=) or comma (,) or at the beginning or end of a line. If a space or tab character appears in these locations, an error occurs at jbssetcnf command execution.
- Lines containing only a linefeed character are ignored.
- [JP1_DEFAULT\JP1BASE\PASSWDPOLC]
  This section contains the configuration information for password policy checks. To set a logical host, change JP1_DEFAULT to the logical host name.
- "ENABLE"=dword:{00000000 | 00000001}
  Specify whether to enable or disable the password policy check. Specify dword:00000001 to enable the function. Specify dword:00000000 to disable the function. If you omit this parameter from the common definition information, dword:00000000 is assumed.
  The parameters that follow are valid when dword:00000001 is specified for the ENABLE parameter.
- "PASSWD_LEN_MIN"=dword:hexa-decimal-number
  Specify, in hexadecimal notation, the minimum number of characters each password must contain. You can specify a value in the range from 00000006 (6 characters) to 00000020 (32 characters).
  If no value is set for this parameter, the default value 00000006 (6 characters) is assumed.
- "NUM_OF_CHAR_TYPE_MIN"=dword:hexa-decimal-number
  Specify, in hexadecimal notation, the number of character types that must be used in a password.
  You can specify a value in the range from 00000000 (0) to 00000004 (4). When no value is set, the default value 00000000 (0) is assumed. When 00000000 (0) is set, any number of character types can be used in a password. The four available character types are numbers, uppercase alphabetic characters, lowercase alphabetic characters, and symbols.
- "REQ_CHAR_TYPE"=character-type
  Specify a character type that must be used in a password. When specifying multiple character types, separate them with commas (,). The parameter values are case-insensitive.
  - NUM
    The use of one or more numbers (0 to 9) is mandatory.
  - UPPER
    The use of one or more uppercase alphabetic characters (from A to Z) is mandatory.
  - LOWER
    The use of one or more lowercase alphabetic characters (from a to z) is mandatory.
  - SYMBOL
    The use of one or more symbols is mandatory.
    Only ASCII characters, except \, ", :, tabs, and spaces, can be used in a password.
  When mandatory character types are not set in the common definition information, it is assumed that no mandatory character type is specified for passwords. Similarly, when invalid values (values other than those described above) are specified, it is assumed that no mandatory character type is specified for passwords.
Definition example
An example of a definition used when password policy checks are enabled is provided below. In this example, the following password policy is set:
- At least eight characters must be included in a password.
- A password must use at least three character types.
- A password must use one or more numbers, uppercase alphabetic characters, and lowercase alphabetic characters.
[JP1_DEFAULT\JP1BASE\PASSWDPOLC]
"ENABLE"=dword:00000001
"PASSWD_LEN_MIN"=dword:00000008
"NUM_OF_CHAR_TYPE_MIN"=dword:00000003
"REQ_CHAR_TYPE"="NUM,UPPER,LOWER"
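
A lint check for the conventions and value ranges under "Definition details", as an added example that is not part of the original manual or of JP1/Base. It flags the cases this page says cause an error or leave the policy weaker than intended: whitespace around = or ,, out-of-range values, invalid REQ_CHAR_TYPE values (treated as no mandatory type), and ENABLE omitted or set to 0. The name lint_policy, the 8-hex-digit dword form and the sample text are assumptions made for this example.

```python
import re

VALID_TYPES = {"NUM", "UPPER", "LOWER", "SYMBOL"}
RANGES = {"ENABLE": (0, 1), "PASSWD_LEN_MIN": (6, 0x20), "NUM_OF_CHAR_TYPE_MIN": (0, 4)}
SECTION = re.compile(r"\[[^\\\]]+\\JP1BASE\\PASSWDPOLC\]")  # JP1_DEFAULT or logical host name
DWORD = re.compile(r"dword:([0-9A-Fa-f]{8})")  # assumption: 8 hex digits, as in the page's examples

# Constructed sample: the page's definition example with one misspelled character type.
SAMPLE = r"""[JP1_DEFAULT\JP1BASE\PASSWDPOLC]
"ENABLE"=dword:00000001
"PASSWD_LEN_MIN"=dword:00000008
"NUM_OF_CHAR_TYPE_MIN"=dword:00000003
"REQ_CHAR_TYPE"="NUM,UPPER,LOWERCASE"
"""


def lint_policy(text):
    """Hypothetical helper: return (settings, findings) for a jp1bs_passwdpolc.conf text."""
    settings, findings = {}, []
    for no, line in enumerate(text.splitlines(), 1):
        if line == "" or SECTION.fullmatch(line):
            continue  # empty lines are ignored; the section header carries no value
        if line != line.strip() or re.search(r"[ \t][=,]|[=,][ \t]", line):
            findings.append(f"line {no}: space or tab around '=' or ',' or at line start/end")
        elif not (m := re.fullmatch(r'"([A-Z_]+)"=(.*)', line)):
            findings.append(f"line {no}: unrecognized entry")
        elif m.group(1) in RANGES:
            key, (lo, hi) = m.group(1), RANGES[m.group(1)]
            d = DWORD.fullmatch(m.group(2))
            if d and lo <= int(d.group(1), 16) <= hi:
                settings[key] = int(d.group(1), 16)
            else:
                findings.append(f"line {no}: {key} must be dword:{lo:08x} to dword:{hi:08x}")
        elif m.group(1) == "REQ_CHAR_TYPE":
            types = [t.upper() for t in m.group(2).strip('"').split(",")]  # case-insensitive
            bad = [t for t in types if t not in VALID_TYPES]
            if bad:  # per the page, an invalid value means no mandatory type is enforced
                findings.append(f"line {no}: invalid REQ_CHAR_TYPE value(s) {bad}")
            else:
                settings["REQ_CHAR_TYPE"] = types
        else:
            findings.append(f"line {no}: unknown parameter {m.group(1)}")
    if settings.get("ENABLE", 0) != 1:  # omitted ENABLE is treated as dword:00000000
        findings.append("ENABLE is not dword:00000001, so the policy check is disabled")
    return settings, findings


if __name__ == "__main__":
    print("\n".join(lint_policy(SAMPLE)[1]))
```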