Flo, Thanks for getting back to me. I had seen this in the documentation. I was just hoping that I was missing something. I guess I'm just surprised that a product designed to manage authentication wouldn't have a way to be more specific in the complexity requirements.
Thanks again! Chip -----Original Message----- From: Florence Blanc-Renaud [mailto:f...@redhat.com] Sent: Wednesday, October 12, 2016 3:18 PM To: Bennett, Chip <cbenn...@ftdi.com>; freeipa-users@redhat.com Subject: Re: [Freeipa-users] Password Complexity Requirements Seems Insufficient On 10/11/2016 07:36 PM, Bennett, Chip wrote: > I just joined this list, so if this question has been asked before > (and I'll bet it has), I apologize in advance. > > > > A google search was unrevealing, so I'm asking here: we're running > FreeIPA Version 3.0.0 on CentOS 6.6. It looks like the password > complexity requirements are limited to setting the number of character > classes to require, i.e. setting it to "2" would require your new > password to be any two of the character classes. > > > > What if you wanted new passwords to meet specific class requirements, > i.e. a mix of UL, LC, and numbers. It looks like you would use a > value of "3" to accomplish this, but that would also allow UC, LC, and > special, or LC, numbers, and special, but you don't want to allow the > those: how would you specify that? > Hi, as far as I know, it is only possible to specify the number of different character classes. The doc chapter "Creating Password Policies in the Web UI" [1] describes the following: --- Character classes sets the number of different categories of character that must be used in the password. This does not set which classes must be used; it sets the number of different (unspecified) classes which must be used in a password. For example, a character class can be a number, special character, or capital; the complete list of categories is in Table 22.1, "Password Policy Settings". This is part of setting the complexity requirements. --- hope this clarifies, Flo [1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/Setting_Different_Password_Policies_for_Different_User_Groups.html#creating-group-policy-ui > > > Also, what if you had a requirement for more than one of the character > classes, i.e. you want to require two UC characters or two special > characters? > > > > Thanks in advance for the help, > > Chip Bennett > > > > > This message is solely for the intended recipient(s) and may contain > confidential and privileged information. Any unauthorized review, use, > disclosure or distribution is prohibited. > > This message is solely for the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
