Defining Password Policies
The most important password rule is that users must not give out their passwords explicitly or indirectly (by using trivial passwords). The only way to achieve acceptable password security is by training and education. CA ControlMinder cannot replace education, but it can enforce rules and policies that force users to use passwords of a minimum quality. The rules that you can specify include the following:
- The new password cannot match previous passwords.
- The new password cannot contain the user name.
- The new password cannot contain the password that it is replacing.
- The new password cannot be contained by the password that it is replacing.
- The new password cannot match the password that it is replacing, regardless of case sensitivity.
- The new password must have at least the minimum number of alphanumeric characters, special characters, digits, lowercase characters, and uppercase characters.
- The new password must not have more than the maximum number of repetitive characters.
- The new password cannot be one of the restricted words in the dictionary to which the Dictionary token in the seos.ini file points.
- Each password must have a maximum lifetime; that is, it must expire, forcing the user to choose a new password after a certain interval.
- Each password must have a minimum lifetime. (By specifying a minimum lifetime, you can prevent users from quickly and repeatedly changing passwords. By quickly changing passwords, they could overflow the password history list and then re‑use a previous password.)
Important! Password rules only affect sepass and not native password tools. Make sure you replace passwd with a link to sepass.
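The rules listed above, expressed as a check on a password change. This is an added example, not CA ControlMinder or sepass code. The thresholds, the function names, the reading of "repetitive characters" as a run of one repeated character, and the case-insensitive user name match are assumptions.

```python
import hashlib, hmac

DAY = 86400
# Constructed thresholds for illustration; not ControlMinder defaults.
POLICY = {"alnum": 8, "special": 1, "digit": 1, "lower": 1, "upper": 1,
          "max_repeat": 2, "min_life": 1 * DAY, "max_life": 90 * DAY}
CLASSES = {"alnum": str.isalnum, "digit": str.isdigit, "lower": str.islower,
           "upper": str.isupper, "special": lambda c: not c.isalnum()}

def digest(password, salt):
    # History holds salted digests, never cleartext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def longest_run(s):
    # Longest run of one repeated character (assumed meaning of "repetitive").
    best = run = 0
    for i, ch in enumerate(s):
        run = run + 1 if i and ch == s[i - 1] else 1
        best = max(best, run)
    return best

def check_change(user, old, new, history, dictionary, last_change, now, p=POLICY):
    """Return the violated rules; an empty list means the change is allowed."""
    v = []
    if any(hmac.compare_digest(digest(new, s), d) for s, d in history):
        v.append("matches a previous password")
    if user.lower() in new.lower():  # case-insensitive match is an assumption
        v.append("contains the user name")
    if new.lower() == old.lower():
        v.append("matches the old password regardless of case")
    elif old in new:
        v.append("contains the old password")
    elif new in old:
        v.append("is contained in the old password")
    for name, test in CLASSES.items():
        if sum(test(c) for c in new) < p[name]:
            v.append(f"too few {name} characters")
    if longest_run(new) > p["max_repeat"]:
        v.append("too many repetitive characters")
    if new.lower() in dictionary:
        v.append("is a restricted dictionary word")
    if now - last_change < p["min_life"]:
        v.append("minimum lifetime has not elapsed")
    return v

def is_expired(last_change, now, p=POLICY):
    # Maximum lifetime: past this age the user must choose a new password.
    return now - last_change > p["max_life"]
```

The minimum lifetime check is what stops a user from cycling through enough changes to push an old password out of the history list and then reuse it.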
Copyright © 2013 CA Technologies.
All rights reserved.