On 10/11/2016 07:36 PM, Bennett, Chip wrote:
I just joined this list, so if this question has been asked before (and
I’ll bet it has), I apologize in advance.
A google search was unrevealing, so I’m asking here: we’re running
FreeIPA Version 3.0.0 on CentOS 6.6. It looks like the password
complexity requirements are limited to setting the number of character
classes to require, i.e. setting it to “2” would require your new
password to be any two of the character classes.
What if you wanted new passwords to meet specific class requirements,
i.e. a mix of UL, LC, and numbers. It looks like you would use a value
of “3” to accomplish this, but that would also allow UC, LC, and
special, or LC, numbers, and special, but you don’t want to allow the
those: how would you specify that?
as far as I know, it is only possible to specify the number of different
character classes. The doc chapter "Creating Password Policies in the
Web UI"  describes the following:
Character classes sets the number of different categories of character
that must be used in the password. This does not set which classes must
be used; it sets the number of different (unspecified) classes which
must be used in a password. For example, a character class can be a
number, special character, or capital; the complete list of categories
is in Table 22.1, “Password Policy Settings”. This is part of setting
the complexity requirements.
hope this clarifies,
Also, what if you had a requirement for more than one of the character
classes, i.e. you want to require two UC characters or two special
Thanks in advance for the help,
This message is solely for the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project