The password policy feature allows users to create their own custom password policies and enforce the password policy on non-LDAP Delphix Engine users.
Understanding password policies
A password policy is a named password policy that can be assigned to a user. It is a set of requirements that passwords must satisfy.
minLength - A password must be longer than this length.
reuseDisallowLimit - The user should not reuse old passwords. This tells the number of last used passwords disallowed to be reused as the new passwords.
uppercaseLetter - A password must have at least one capital letter.
lowercaseLetter - A password must have at least one lower case letter.
digit - A password must have at least one digit.
symbol - A password must have at least one symbol.
disallowUsernameAsPassword - A password should not be the same as the user name.
Password policy requirements
When you set a password, it must differ from the most recent password and contain:
at least 5 characters
at least one uppercase letter
at least one lowercase letter
at least one numeric digit
at least one symbol such as #, $, !
do not use username or reverse username
This policy applies to non-LDAP Delphix Engine users. This includes the default users, delphix_admin and sysadmin. The password policy does not apply to LDAP users.
Default password policy
By default, the Delphix Engine enforces the password policy named NONE, which enforces the least possible constraint.
Passwords must contain at least one character.
Changing the password policy
To change the current password policy from the default policy NONE, create a custom password policy and select it instead of NONE.
Who can change password policy for whom
Domain administrators can change the current password policy for all domain users.
System users can change the current password policy for all system users.
Domain regular users (non-administrators) users can only view the password policy.
What operations can be done by administrators
Create custom password policies
Update custom password policies
Delete custom password policies
Change the current password policy to any of the available password policies
View available password policies
View current password policy requirements
Password policy parameters
When you create a password policy, you can set the following parameters:
Unique name for the password policy
Minimum length of the password
Whether password must differ from the last password
Whether password must not contain the username or reverse user name
Whether password must contain at least one uppercase letter
Whether password must contain at least one lowercase letter
Whether password must contain at least one numeric digit
Whether password must contain at least one symbol such as #, $, !
Restrictions for default password policy’s modification (named NONE):
not allowed to delete the default password policy from available list of password policies.
not allowed to update any parameters of the default password policy.
Cannot delete the password policy which is set as current password policy.