Example: Complex Password Policy
In this example, the directory architect has created the following plain-English password policy:
- Passwords must contain at least seven characters, at least three of which must be alphabetical, and at least three of which must be numeric.
- No password may contain the user name.
- Passwords are valid for up to 14 days.
- Passwords must be at least one day old before they are changed, to prevent users from changing their password many times to fill up the password history.
- After a password has expired, users may still log in twice, to give them a chance to change the password.
- After three incorrect attempts at logging in, the account is suspended for 30 minutes, after which the user may try to log in again.
To implement this policy, use the following commands:
set password-policy = true;
set password-min-length = 7;
set password-alpha = 3;
set password-numeric = 3;
set password-username-substring = true;
set password-age = 14;
set password-min-age = 1;
set password-grace-logins = 2;
set password-retries = 3;
set password-max-suspension = 1800;
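
To pre-check test passwords against the composition rules above, the following added example (not part of the product or the original guide) parses the `set` commands from this page and reports which rules a candidate password violates. The function names are hypothetical, the case-insensitive user name comparison is an assumption about how the rule should be applied, and the age, grace-login and lockout settings are parsed but not evaluated.

```python
import re

# The commands from this page, embedded as sample input.
POLICY_TEXT = """
set password-policy = true;
set password-min-length = 7;
set password-alpha = 3;
set password-numeric = 3;
set password-username-substring = true;
set password-age = 14;
set password-min-age = 1;
set password-grace-logins = 2;
set password-retries = 3;
set password-max-suspension = 1800;
"""

SET_RE = re.compile(r"^\s*set\s+([\w-]+)\s*=\s*([^;]+?)\s*;\s*$")

def parse_policy(text):
    """Parse 'set name = value;' lines into a dict of bool/int/str values."""
    policy = {}
    for line in text.splitlines():
        m = SET_RE.match(line)
        if not m:
            continue  # skip blank lines and anything that is not a set command
        name, raw = m.group(1), m.group(2)
        if raw in ("true", "false"):
            policy[name] = raw == "true"
        else:
            policy[name] = int(raw) if raw.isdigit() else raw
    return policy

def check_password(policy, username, password):
    """Return the composition rules that the candidate password violates."""
    if not policy.get("password-policy"):
        return []  # policy enforcement is switched off
    problems = []
    if len(password) < policy.get("password-min-length", 0):
        problems.append("too short")
    if sum(c.isalpha() for c in password) < policy.get("password-alpha", 0):
        problems.append("too few alphabetic characters")
    if sum(c.isdigit() for c in password) < policy.get("password-numeric", 0):
        problems.append("too few numeric characters")
    # Assumption: compare case-insensitively, the stricter reading of the rule.
    if (policy.get("password-username-substring") and username
            and username.lower() in password.lower()):
        problems.append("contains user name")
    return problems
```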