Password Policy for Repertoire 8.8.0

This guideline describes how to configure the password policy in Repertoire 8.8.0.

The password policy is only enabled after uncommenting the following code segment in ERS2.xml:

<ers:mbean name="ERS2:name=PasswordPolicy"
           class="com.elixirtech.ers2.security.PasswordPolicy">
    <ers:property name="MinLength">4</ers:property>
    <ers:property name="MaxLength">10</ers:property>
    <ers:property name="MustHaveDigit">true</ers:property>
    <ers:property name="MustHaveUpperCase">true</ers:property>
    <ers:property name="MustHaveLowerCase">true</ers:property>
    <ers:property name="MustHaveSymbolSet">!@$%</ers:property>
    <ers:property name="MustNotHaveSymbolSet">/ </ers:property>
    <ers:property name="NotSameAsLogon">true</ers:property>
    <ers:property name="PasswordMaxExpiresDays">90</ers:property>
    <ers:property name="DifferentPasswordCount">2</ers:property>
    <ers:property name="RetryAttemptLockoutCount">5</ers:property>
    <ers:property name="RetryAttemptDelaySecs">5</ers:property>
    <ers:property name="RetryAttemptDelayMultiplier">2</ers:property>
</ers:mbean>

Value                        Description

MinLength                    Minimum length of the password.
MaxLength                    Maximum length of the password.
MustHaveDigit                Password must contain at least one numeric character. Boolean type.
MustHaveUpperCase            Password must contain at least one upper-case letter. Boolean type.
MustHaveLowerCase            Password must contain at least one lower-case letter. Boolean type.
MustHaveSymbolSet            Password must contain at least one symbol from this set. All symbols
                             are acceptable except "<", ">" and "&". If the administrator wants
                             to allow the use of <, > or &, the character must be written in
                             CDATA syntax, e.g. for "&": <![CDATA[&]]>
MustNotHaveSymbolSet         Password must not contain any of the symbols in this set. The user
                             can enter such symbol(s) while changing the password, but the change
                             will be rejected when the user tries to finalise it.
NotSameAsLogon               Password must not be the same as the username.
PasswordMaxExpiresDays       Duration before the password expires, in number of days.
DifferentPasswordCount       The number of previous passwords to be remembered. By default, the
                             server remembers the 5 different passwords used previously. The
                             maximum count is 5.
RetryAttemptLockoutCount     Number of failed logins before the account is locked.
RetryAttemptDelaySecs        The delay time before the user can retry the login.
RetryAttemptDelayMultiplier  The multiplier applied to the delay after each successive failure.
                             For example, with RetryAttemptDelaySecs=10 and
                             RetryAttemptDelayMultiplier=2, the retry delay after the 1st login
                             failure is 10 seconds, after the 2nd login failure 20 seconds, and
                             so on.
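
The following Python sketch is an added illustration, not part of the Repertoire documentation or product code: it applies the sample policy values from the ERS2.xml segment above to candidate passwords and computes the growing retry delay. The password history list, and the assumptions that DifferentPasswordCount is compared against the most recent passwords only and that the lockout takes effect on the RetryAttemptLockoutCount-th failure, are mine, not the page's.

```python
# Policy values copied from the ERS2.xml sample above.
POLICY = {
    "MinLength": 4, "MaxLength": 10,
    "MustHaveDigit": True, "MustHaveUpperCase": True, "MustHaveLowerCase": True,
    "MustHaveSymbolSet": "!@$%", "MustNotHaveSymbolSet": "/ ",
    "NotSameAsLogon": True, "DifferentPasswordCount": 2,
    "RetryAttemptLockoutCount": 5, "RetryAttemptDelaySecs": 5,
    "RetryAttemptDelayMultiplier": 2,
}


def check_password(password, username, previous, policy=POLICY):
    """Return the names of the rules a candidate password breaks (empty = accepted).
    `previous` is the user's password history, oldest first (constructed input)."""
    failures = []
    if len(password) < policy["MinLength"]:
        failures.append("MinLength")
    if len(password) > policy["MaxLength"]:
        failures.append("MaxLength")
    if policy["MustHaveDigit"] and not any(c.isdigit() for c in password):
        failures.append("MustHaveDigit")
    if policy["MustHaveUpperCase"] and not any(c.isupper() for c in password):
        failures.append("MustHaveUpperCase")
    if policy["MustHaveLowerCase"] and not any(c.islower() for c in password):
        failures.append("MustHaveLowerCase")
    # At least one symbol from the required set, none from the forbidden set.
    if policy["MustHaveSymbolSet"] and not any(c in policy["MustHaveSymbolSet"] for c in password):
        failures.append("MustHaveSymbolSet")
    if any(c in policy["MustNotHaveSymbolSet"] for c in password):
        failures.append("MustNotHaveSymbolSet")
    if policy["NotSameAsLogon"] and password == username:
        failures.append("NotSameAsLogon")
    # Assumption: only the most recent DifferentPasswordCount passwords are compared.
    n = policy["DifferentPasswordCount"]
    if n and password in previous[-n:]:
        failures.append("DifferentPasswordCount")
    return failures


def retry_delay_secs(failures_so_far, policy=POLICY):
    """Seconds to wait before the next login attempt after N consecutive failures:
    DelaySecs, then multiplied by the multiplier for each further failure (5, 10, 20, ...).
    Returns None once the account is locked (assumption: the N-th failure locks it)."""
    if failures_so_far <= 0:
        return 0
    if failures_so_far >= policy["RetryAttemptLockoutCount"]:
        return None
    return policy["RetryAttemptDelaySecs"] * policy["RetryAttemptDelayMultiplier"] ** (failures_so_far - 1)
```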

If the administrator simply wants a user to change the password upon the next login and no other conditions need to be satisfied, it is unnecessary to use the password policy. Simply check Force password change as seen in Figure 1, “Force Password Change”. If desired, both the selection and the password policy can work together.

Figure 1 Force Password Change
