Flo,

Thanks for getting back to me.  I had seen this in the documentation.   I was 
just hoping that I was missing something.   I guess I'm just surprised that a 
product designed to manage authentication wouldn't have a way to be more 
specific in the complexity requirements.

Thanks again!
Chip

-----Original Message-----
From: Florence Blanc-Renaud [mailto:f...@redhat.com] 
Sent: Wednesday, October 12, 2016 3:18 PM
To: Bennett, Chip <cbenn...@ftdi.com>; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Password Complexity Requirements Seems Insufficient

On 10/11/2016 07:36 PM, Bennett, Chip wrote:
> I just joined this list, so if this question has been asked before 
> (and I'll bet it has), I apologize in advance.
>
>
>
> A google search was unrevealing, so I'm asking here: we're running
> FreeIPA Version 3.0.0 on CentOS 6.6.   It looks like the password
> complexity requirements are limited to setting the number of character 
> classes to require, i.e. setting it to "2" would require your new 
> password to be any two of the character classes.
>
>
>
> What if you wanted new passwords to meet specific class requirements, 
> i.e. a mix of UL, LC, and numbers.  It looks like you would use a 
> value of "3" to accomplish this, but that would also allow UC, LC, and 
> special, or LC, numbers, and special, but you don't want to allow the
> those:  how would you specify that?
>
Hi,

as far as I know, it is only possible to specify the number of different 
character classes. The doc chapter "Creating Password Policies in the Web UI" 
[1] describes the following:
---
Character classes sets the number of different categories of character that 
must be used in the password. This does not set which classes must be used; it 
sets the number of different (unspecified) classes which must be used in a 
password. For example, a character class can be a number, special character, or 
capital; the complete list of categories is in Table 22.1, "Password Policy 
Settings". This is part of setting the complexity requirements.
---

hope this clarifies,
Flo

[1]
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/Setting_Different_Password_Policies_for_Different_User_Groups.html#creating-group-policy-ui


>
>
> Also, what if you had a requirement for more than one of the character
> classes, i.e. you want to require two UC characters or two special
> characters?
>
>
>
> Thanks in advance for the help,
>
> Chip Bennett
>
>
>
>
> This message is solely for the intended recipient(s) and may contain
> confidential and privileged information. Any unauthorized review, use,
> disclosure or distribution is prohibited.  
>
>


This message is solely for the intended recipient(s) and may contain 
confidential and privileged information.
Any unauthorized review, use, disclosure or distribution is prohibited.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to