The password policy feature allows users to create their own custom password policies and enforce the password policy on non-LDAP Delphix Engine users.
Understanding Password Policies
A password policy is a named password policy that can be assigned to a user. It is a set of requirements that passwords must satisfy.
- minLength - A password must be longer than this length.
- reuseDisallowLimit - The user should not reuse old passwords. This tells the number of last used passwords disallowed to be reused as the new passwords.
- uppercaseLetter - A password must have at least one capital letter.
- lowercaseLetter - A password must have at least one lower case letter.
- digit - A password must have at least one digit.
- symbol - A password must have at least one symbol.
- disallowUsernameAsPassword - A password should not be the same as the user name.
Password policy requirements
When you set a password, it must differ from the most recent password and contain:
- at least 5 characters
- at least one uppercase letter
- at least one lowercase letter
- at least one numeric digit
- at least one symbol such as #, $, !
- do not use username or reverse username
This policy applies to non-LDAP Delphix Engine users. This includes the default users, delphix_admin and sysadmin. The password policy does not apply to LDAP users.
Default password policy
By default, the Delphix Engine enforces the password policy named NONE, which enforces the least possible constraint.
Passwords must contain at least one character.
Changing the password policy
To change the current password policy from the default policy NONE, create a custom password policy and select it instead of NONE.
Who can change password policy for whom
- Domain administrators can change the current password policy for all domain users.
- System users can change the current password policy for all system users.
- Domain regular users (non-administrators) users can only view the password policy.
What operations can be done by administrators
- Create custom password policies
- Update custom password policies
- Delete custom password policies
- Change the current password policy to any of the available password policies
- View available password policies
- View current password policy requirements
Password policy parameters
When you create a password policy, you can set the following parameters:
- Unique name for the password policy
- Minimum length of the password
- Whether password must differ from the last password
- Whether password must not contain the username or reverse user name
- Whether password must contain at least one uppercase letter
- Whether password must contain at least one lowercase letter
- Whether password must contain at least one numeric digit
- Whether password must contain at least one symbol such as #, $, !
- Restrictions for default password policy’s modification (named NONE):
- not allowed to delete the default password policy from available list of password policies.
- not allowed to update any parameters of the default password policy.
- Cannot delete the password policy which is set as current password policy.