4.3 Configuring Password Complexity

A complex password improves security by preventing password guessing attacks. Sentinel provides a set of password validation rules that help you maintain a complex password for all local user passwords. You can select the desired validation rules as applicable for your environment.

You can configure the password validation rules in the <sentinel_installation_path>/etc/opt/novell/sentinel/config/passwordrules.properties file. The validation rules apply only to the local user passwords and not LDAP user passwords. For existing users, validation rules apply only after the users update their password.

By default, all the validation rules are disabled and commented with #. To enable validation rules, uncomment the rules, specify the values for the rules, and save the file.

The following table describes the password complexity validation rules:

Table 4-1 Password Complexity Rules

Validation Rule

Description

MINIMUM_PASSWORD_LENGTH

Specifies the minimum number of characters required in a password.

MAXIMUM_PASSWORD_LENGTH

Specifies the maximum number of characters allowed in a password.

UNIQUE_CHARACTER_LENGTH

Specifies the minimum number of unique characters required in a password.

For example, if the UNIQUE_CHARACTER_LENGTH value is 6 and a user specifies the password as "aaaabbccc", the Sentinel does not validate the password because it contains only 3 unique characters a, b, and c.

LOWER_CASE_CHARACTERS_COUNT

Specifies the minimum number of lowercase characters required in a password.

UPPER_CASE_CHARACTERS_COUNT

Specifies the minimum number of uppercase characters required in a password.

ALPHABET_CHARACTERS_COUNT

Specifies the minimum number of alphabetic characters required in a password.

NUMERIC_CHARACTERS_COUNT

Specifies the minimum number of numeric characters required in a password.

NON_ALPHA_NUMERIC_CHARACTERS_COUNT

Specifies the minimum number of non-alphanumeric or special characters required in a password. The rule considers only the following non-alphanumeric characters:

` ~ ! @ # $ % ^ & * ( ) - _ = + [ { ] } \  | ; : ' " < , > . / ?

RESTRICTED_WORDS_IN_PASSWORD

Specifies the words that are not allowed in a password. The restricted words are case-insensitive. You can specify multiple words separated by a comma.

For example,RESTRICTED_WORDS_IN_PASSWORD= admin,password,test