Hitachi

JP1 Version 12 JP1/Base User's Guide


Password policy definition file


Format

[JP1_DEFAULT\JP1BASE\PASSWDPOLC]

"ENABLE"=dword:{00000000 | 00000001}

"PASSWD_LEN_MIN"=dword:hexa-decimal-number

"NUM_OF_CHAR_TYPE_MIN"=dword:hexa-decimal-number

"REQ_CHAR_TYPE"=character-type

Parameters by type

Required parameters:

None

Custom parameters:
  • ENABLE

  • PASSWD_LEN_MIN

  • NUM_OF_CHAR_TYPE_MIN

  • REQ_CHAR_TYPE

File name

jp1bs_passwdpolc.conf

Storage destination directory

In Windows:

installation-folder\conf\passwdpolc\

shared-folder\jp1base\conf\passwdpolc\ (in a cluster system)

In UNIX:

/etc/opt/jp1base/conf/passwdpolc/

shared-directory/jp1base/conf/passwdpolc/ (in a cluster system)

Description

Defines the common definition information that sets a password policy on the authentication server. If a secondary authentication server is installed, this file must be set on both the primary authentication server and the secondary authentication server.

If a password policy check is enabled, the authentication server determines that a password is valid if the password satisfies all the conditions set out by the policy items.

When setting this file on a logical host, you must set it on both the primary node and the secondary node. In this case, change JP1_DEFAULT in [JP1_DEFAULT\JP1BASE] to the logical host name.

Application of settings

When the jbssetcnf command is executed, the contents of the password policy definition file (jp1bs_passwdpolc.conf) are added to the common definition information. For details on the jbssetcnf command, see jbssetcnf in 15. Commands.

The definitions take effect when JP1/Base (the authentication server) starts.

Definition details

The following conventions apply to entries in the password policy definition file.

[JP1_DEFAULT\JP1BASE\PASSWDPOLC]

This section contains the configuration information for password policy checks. To set a logical host, change JP1_DEFAULT to the logical host name.

"ENABLE"=dword:{00000000 | 00000001}

Specify whether to enable or disable the password policy check. Specify dword:00000001 to enable the function. Specify dword:00000000 to disable the function. If you omit this parameter from the common definition information, dword:00000000 is assumed.

The parameters that follow are valid when dword:00000001 is specified for the ENABLE parameter.

"PASSWD_LEN_MIN"=dword:hexa-decimal-number

Specify, in hexadecimal notation, the minimum number of characters each password must contain. You can specify a value in the range from 00000006 (6 characters) to 00000020 (32 characters).

If no value is set for this parameter, it is assumed that the default value 00000006 (6 characters) is set.

"NUM_OF_CHAR_TYPE_MIN"=dword:hexa-decimal-number

Specify, in hexadecimal notation, the number of character types that must be used in a password.

You can specify a value in the range from 00000000 (0) to 00000004 (4). When no value is set, it is assumed that the default value 00000000 (0) is set. When 00000000 (0) is set, any number of character types can be used in a password. The four available character types are numbers, uppercase alphabetic characters, lowercase alphabetic characters, and symbols.

"REQ_CHAR_TYPE"=character-type

Specify a character type that must be used in a password. When specifying multiple character types, separate them with commas (,). The parameter values are case-insensitive.

NUM

The use of one or more numbers (0 to 9) is mandatory.

UPPER

The use of one or more uppercase alphabetic characters (from A to Z) is mandatory.

LOWER

The use of one or more lowercase alphabetic characters (from a to z) is mandatory.

SYMBOL

The use of one or more symbols is mandatory.

Only ASCII characters, except \, ", :, tabs, and spaces, can be used in a password.

When mandatory character types are not set in the common definition information, it is assumed that no mandatory character type is specified for passwords. Similarly, when invalid values (values other than those described above) are specified, it is assumed that no mandatory character type is specified for passwords.
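
The Python example below is added here and is not part of the Hitachi manual: it parses the text of jp1bs_passwdpolc.conf and reports the effective policy together with the settings that, under the rules above, leave the check off or leave no character type mandatory. The function name audit_policy, the sample input, and the treatment of one invalid REQ_CHAR_TYPE token as voiding the whole list are assumptions.

```python
import re

VALID_TYPES = {"NUM", "UPPER", "LOWER", "SYMBOL"}

def audit_policy(text):
    """Return (effective_policy, findings) for the text of jp1bs_passwdpolc.conf."""
    raw, in_section, findings = {}, False, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            # The host part is JP1_DEFAULT or a logical host name.
            in_section = line.endswith("\\JP1BASE\\PASSWDPOLC]")
        elif in_section and (m := re.fullmatch(r'"(\w+)"\s*=\s*(.+)', line)):
            raw[m.group(1)] = m.group(2)

    def dword(key, default, lo, hi):
        if key not in raw:
            return default  # documented default for an omitted parameter
        m = re.fullmatch(r"dword:([0-9A-Fa-f]{8})", raw[key])
        value = int(m.group(1), 16) if m else None
        if value is None or not lo <= value <= hi:
            findings.append(f"{key}={raw[key]} is outside the documented range")
        return value

    policy = {
        "enabled": dword("ENABLE", 0, 0, 1) == 1,
        "min_len": dword("PASSWD_LEN_MIN", 6, 0x06, 0x20),
        "min_types": dword("NUM_OF_CHAR_TYPE_MIN", 0, 0, 4),
        "required": set(),
    }
    if not policy["enabled"]:
        findings.append("policy check is not enabled (ENABLE is omitted or is not 00000001)")
    if "REQ_CHAR_TYPE" in raw:
        tokens = set(raw["REQ_CHAR_TYPE"].strip('"').upper().split(","))
        if tokens <= VALID_TYPES:
            policy["required"] = tokens
        else:  # assumption: one invalid token voids the whole list
            findings.append("REQ_CHAR_TYPE has an invalid value: no character type is mandatory")
    return policy, findings

# Constructed sample: ENABLE is missing and "DIGIT" is not a valid character type.
SAMPLE = r'''[JP1_DEFAULT\JP1BASE\PASSWDPOLC]
"PASSWD_LEN_MIN"=dword:00000008
"NUM_OF_CHAR_TYPE_MIN"=dword:00000003
"REQ_CHAR_TYPE"="DIGIT,UPPER,LOWER"
'''

if __name__ == "__main__":
    policy, findings = audit_policy(SAMPLE)
    print(policy)
    for finding in findings:
        print("WARN:", finding)
```

Run it against the file before executing jbssetcnf; whether a hand-edited value with stray whitespace is accepted by JP1/Base is not stated on this page, so the parser flags it as invalid.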

Definition example

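An example of a definition used when password policy checks are enabled is provided below. In this example, the following password policy is set:
  • Minimum number of characters: 8

  • Minimum number of character types: 3

  • Mandatory character types: numbers, uppercase alphabetic characters, and lowercase alphabetic characters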

[JP1_DEFAULT\JP1BASE\PASSWDPOLC]
"ENABLE"=dword:00000001
"PASSWD_LEN_MIN"=dword:00000008
"NUM_OF_CHAR_TYPE_MIN"=dword:00000003
"REQ_CHAR_TYPE"="NUM,UPPER,LOWER"