This guideline describes how to configure the password policy in Repertoire 8.8.0.
The password policy can only be enabled after uncommenting the following code segment in ERS2.xml.

```xml
<ers:mbean name="ERS2:name=PasswordPolicy"
           class="com.elixirtech.ers2.security.PasswordPolicy">
  <ers:property name="MinLength">4</ers:property>
  <ers:property name="MaxLength">10</ers:property>
  <ers:property name="MustHaveDigit">true</ers:property>
  <ers:property name="MustHaveUpperCase">true</ers:property>
  <ers:property name="MustHaveLowerCase">true</ers:property>
  <ers:property name="MustHaveSymbolSet">!@$%</ers:property>
  <ers:property name="MustNotHaveSymbolSet">/ </ers:property>
  <ers:property name="NotSameAsLogon">true</ers:property>
  <ers:property name="PasswordMaxExpiresDays">90</ers:property>
  <ers:property name="DifferentPasswordCount">2</ers:property>
  <ers:property name="RetryAttemptLockoutCount">5</ers:property>
  <ers:property name="RetryAttemptDelaySecs">5</ers:property>
  <ers:property name="RetryAttemptDelayMultiplier">2</ers:property>
</ers:mbean>
```

Property | Description |
---|---|
MinLength | Minimum length of password |
MaxLength | Maximum length of password |
MustHaveDigit | Password must contain at least one numeric character. Boolean type. |
MustHaveUpperCase | Password must contain at least one upper-case letter. Boolean type. |
MustHaveLowerCase | Password must contain at least one lower-case letter. Boolean type. |
MustHaveSymbolSet | Password must contain at least one symbol. All symbols are acceptable except “<”, “>” and “&”. If the administrator wants to allow the use of <, > and &, a specific syntax must be used. For example, to use “&”: `<![CDATA[&]]>` |
MustNotHaveSymbolSet | Password must not contain any symbols. User can enter symbol(s) when trying to change the password, but it will be rejected when user tries to finalise the change. |
NotSameAsLogon | Password must not be the same as the username. |
PasswordMaxExpiresDays | Duration before password expires. In number of days. |
DifferentPasswordCount | The number of previous passwords to be remembered. By default, the server remembers the 5 different passwords used previously. The maximum count is 5. |
RetryAttemptLockoutCount | Number of failed logins before the account is locked. |
RetryAttemptDelaySecs | The delay time, in seconds, before the user can retry login. |
RetryAttemptDelayMultiplier | The multiplier rate for the delay. For example, with RetryAttemptDelaySecs=10 and RetryAttemptDelayMultiplier=2, the login retry delay is 10 seconds after the 1st login failure, 20 seconds after the 2nd login failure, and so on. |
If the administrator simply wants a user to change the password upon the next login and no other conditions need to be satisfied, it is unnecessary to use the password policy. Simply check Force password change as seen in Figure 1, “Force Password Change”. If desired, both the selection and the password policy can work together.
Figure 1 Force Password Change
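
To preview what a given policy will accept before deploying it, the sketch below parses a constructed, abridged copy of the mbean above and applies the rules as the table describes them; it is an added example, not Elixir's code. The namespace URI, the function names, the reading of the two symbol properties as "at least one from the set" and "none from the set", and the geometric back-off are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's mbean (abridged) inside a root element that binds
# the "ers" prefix to a placeholder namespace URI; the real URI is not on the page.
NS = "urn:example:ers-placeholder"
SAMPLE = f"""<root xmlns:ers="{NS}">
<ers:mbean name="ERS2:name=PasswordPolicy"
           class="com.elixirtech.ers2.security.PasswordPolicy">
  <ers:property name="MinLength">4</ers:property>
  <ers:property name="MaxLength">10</ers:property>
  <ers:property name="MustHaveDigit">true</ers:property>
  <ers:property name="MustHaveUpperCase">true</ers:property>
  <ers:property name="MustHaveLowerCase">true</ers:property>
  <ers:property name="MustHaveSymbolSet">!@$%</ers:property>
  <ers:property name="MustNotHaveSymbolSet">/ </ers:property>
  <ers:property name="NotSameAsLogon">true</ers:property>
  <ers:property name="RetryAttemptLockoutCount">5</ers:property>
  <ers:property name="RetryAttemptDelaySecs">5</ers:property>
  <ers:property name="RetryAttemptDelayMultiplier">2</ers:property>
</ers:mbean></root>"""

def load_policy(xml_text):
    """Return {property name: raw text value} for the policy mbean."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): p.text or "" for p in root.iter(f"{{{NS}}}property")}

def violations(policy, logon, pw):
    """Names of the properties a candidate password fails (assumed semantics)."""
    on = lambda key: policy.get(key, "").strip().lower() == "true"
    need = policy.get("MustHaveSymbolSet", "")      # assumed: at least one of these
    ban = policy.get("MustNotHaveSymbolSet", "")    # assumed: none of these
    checks = [
        ("MinLength", len(pw) >= int(policy["MinLength"])),
        ("MaxLength", len(pw) <= int(policy["MaxLength"])),
        ("MustHaveDigit", not on("MustHaveDigit") or any(c.isdigit() for c in pw)),
        ("MustHaveUpperCase", not on("MustHaveUpperCase") or any(c.isupper() for c in pw)),
        ("MustHaveLowerCase", not on("MustHaveLowerCase") or any(c.islower() for c in pw)),
        ("MustHaveSymbolSet", not need or any(c in need for c in pw)),
        ("MustNotHaveSymbolSet", not any(c in ban for c in pw)),
        ("NotSameAsLogon", not on("NotSameAsLogon") or pw != logon),
    ]
    return [name for name, ok in checks if not ok]

def retry_delays(policy):
    """Assumed geometric back-off: delay after each failure before the locking one."""
    base = int(policy["RetryAttemptDelaySecs"])
    mult = int(policy["RetryAttemptDelayMultiplier"])
    return [base * mult ** n for n in range(int(policy["RetryAttemptLockoutCount"]) - 1)]
```

With the sample values, `retry_delays` shows the delays a user meets before the lockout, and `violations` returns the property names to adjust when a password that should pass is rejected.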