Password policy is object that defines the password strength and binds to fields in templates that are of type password. It allows to define the minimum number of characters from each character set and their combinations.


For related privileges see Privileges and Permissions chapter.


Available actions for user with appropriate privileges:

Create

Create new Password policy object

Modify

Modify Password policy object

Deactivate

For active Password policies -> set the status to inactive

Enable

For inactive Password policies -> set the status to active

Filter

Filter active or inactive Password policies

Search

Opens the box to input the text to be searched

Display detail

[ click on the row ]

Open drawer with the detail of the Password policy


Available actions for user with appropriate privileges on the Logs tab:

Open log in the full page

[ option in context menu ]

Open tab with brief overview of activities done with the object. By use of context menu [ ] user can open the log into more detailed view.


Create Password policy

1

Click on the tab Password policies in ANT PAM settings section

2

The list of existing Password policies will be displayed.

  • Note: only objects where the user has relevant permissions are displayed.

3

Press the CREATE button [ ]

4

The modal window with the details of the Password policy will be displayed

5

Fill all neccessary parameters and press button CREATE

6

The Password policy will be displayed in the list and its detail will be displayed in the opened drawer




Modify Password policy

1

Click on the tab Password policies in ANT PAM settings section.

2

The list of existing Password policies will be displayed.

  • Note: only objects where the user has relevant permissions are displayed.

3

Mouseclick on the chosen password policy in the list.

4

The detail of the Password policy will be displayed in the opened drawer.

5

Press the MODIFY button [ ] on the drawer

6

The modal window with the details of the Password policy will be displayed

  • Note: Default flag can't be unmarked on default Password policy - only creating new Password policy with the default parameter set as on will remove the flag from current Password policy



Parameters of the Password policy form

Parameter

Description

Example value

Name

Name of the Password policy

Default password policy

Description

Description of the Password policy

optional

Make as a default policy

Mark just one password policy as the default one. Default means that in case of template field type password, the default Password policy will be prefilled in the form.


Rules

  • only one password policy can be marked as default
  • the very first created Password policy is automatically marked as default
  • in case of marking the new password policy as default the attribute will be transfered to the new Password policy

optional except the first Password policy

Character set

Type of chars - defines the complexity of the password strength:

  • Default - the password will contain at least one character from:
    • Lower case (a-z)
    • Upper case (A-Z)
    • Number (0-9)
    • Symbol (ASCII chars (33-47)(58-64)(91-96)(123-126))
  • Custom - the possibility to specify subsets will be displayed in the form. User can specify the count of chars from selected subset:
    • Lower case (a-z)
    • Upper case (A-Z)
    • Numbers (0-9)
    • Symbols (ASCII chars (33-47)(58-64)(91-96)(123-126))
    • Characters (a-z, A-Z)
    • Alphanumeric (a-z, A-Z, 0-9)
    • Custom - user can specify own set of characters

Custom with:

  • Lower case - 4
  • Upper case - 4
  • Number - 4
  • Custom (._-) - 4

Min length

Minimal length of the password


Rules:

  • in case of Default character set the minimal length is 4
  • in the case of a Custom charset, the main Min length parameter must be equal to or greater than the sum of the lengths of the individual subsets.

16

Max length

Maximal length of the password


Rules:

  • Must be higher that Min length

20