Password Use

Passwords are required for the server administrator and users to access StarTeam Server configurations. When the server configuration is created, a server administrator account is created by default with both the user name and password set to Administrator. This password should be changed immediately. When the server administrator adds a user, a unique user name is created and a password is assigned according to the password properties specified for this server configuration.

The server administrator specifies password properties for each server configuration in the Tools > Accounts > System Policy dialog on the Passwords tab. Whatever is specified as the system policy for passwords applies to all users accessing this server configuration.

Password properties include the password expiration time limit, the minimum length, and use of strong passwords.

About Strong Passwords

The server administrator can specify that a strong password is required for users accessing a server configuration. If the system policy for this server configuration requires a strong password, the password must:

New password must be different from the old password.
New password must be different from the user name.
New password must be mixed case, containing at least one lowercase and at least one uppercase alphabetical character. (This is the English alphabet as determined by the ASCII value of the character.)
New password must contain at least one non-alphabetical character.

By default, the strong password option is turned off.

Password Property Changes

If the system administrator changes the password properties for a server configuration, when the changes take effect depends on the property.

Changes made to the password length properties take effect immediately, but apply only to new user accounts or new passwords. For example, if you change the minimum password length from eight characters to ten, all new users must have a password that is a minimum of ten characters long. However, existing users will still be able to use their eight character passwords.

Changes made to the expiration time limit take effect after the appropriate time interval. For example, if you change the password expiration time limit to thirty days, user accounts are suspended if their passwords have not been changed before the time expires. Users are prompted to change their passwords two weeks before the suspension takes place. The only user account not subject to expiration is the Administrator account.

If the strong password option is turned on, it applies only to new users and users who change their passwords. Until such a change is made, their old “weak” passwords continue to work.

Note: The system administrator can force a password change if they want users to immediately conform to a password property change or if a project security breach has occurred.