Thanks for getting back to me. I had seen this in the documentation. I was
just hoping that I was missing something. I guess I'm just surprised that a
product designed to manage authentication wouldn't have a way to be more
specific in the complexity requirements.
From: Florence Blanc-Renaud [mailto:f...@redhat.com]
Sent: Wednesday, October 12, 2016 3:18 PM
To: Bennett, Chip <cbenn...@ftdi.com>; firstname.lastname@example.org
Subject: Re: [Freeipa-users] Password Complexity Requirements Seems Insufficient
On 10/11/2016 07:36 PM, Bennett, Chip wrote:
> I just joined this list, so if this question has been asked before
> (and I'll bet it has), I apologize in advance.
> A google search was unrevealing, so I'm asking here: we're running
> FreeIPA Version 3.0.0 on CentOS 6.6. It looks like the password
> complexity requirements are limited to setting the number of character
> classes to require, i.e. setting it to "2" would require your new
> password to be any two of the character classes.
> What if you wanted new passwords to meet specific class requirements,
> i.e. a mix of UL, LC, and numbers. It looks like you would use a
> value of "3" to accomplish this, but that would also allow UC, LC, and
> special, or LC, numbers, and special, but you don't want to allow the
> those: how would you specify that?
as far as I know, it is only possible to specify the number of different
character classes. The doc chapter "Creating Password Policies in the Web UI"
 describes the following:
Character classes sets the number of different categories of character that
must be used in the password. This does not set which classes must be used; it
sets the number of different (unspecified) classes which must be used in a
password. For example, a character class can be a number, special character, or
capital; the complete list of categories is in Table 22.1, "Password Policy
Settings". This is part of setting the complexity requirements.
hope this clarifies,
> Also, what if you had a requirement for more than one of the character
> classes, i.e. you want to require two UC characters or two special
> Thanks in advance for the help,
> Chip Bennett
> This message is solely for the intended recipient(s) and may contain
> confidential and privileged information. Any unauthorized review, use,
> disclosure or distribution is prohibited.
This message is solely for the intended recipient(s) and may contain
confidential and privileged information.
Any unauthorized review, use, disclosure or distribution is prohibited.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project