Prevent User Details from Appearing in the Password

To prevent users from including their own details in their passwords, use the following command:

set password-substring-attrs = attribute-list;

The attribute list names the attributes that contain user details you do not want used in new passwords. The password cannot be a substring of the value of any listed attribute, and the value of a listed attribute cannot be a substring of the password.

The user's details are taken from the values of the attributes in their own entry.

We recommend that you include only attributes that have string syntaxes. Values of other syntaxes may not be picked up by the password substring check.
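The two-way substring rule described above can be pre-checked on the client side before a password change is submitted. The following is an added example, not CA Directory code: the function name, the `Violation` type, and the case-folding default are assumptions (the page does not state how case is handled), and the sample entry reuses the attribute values from the Craig Link example on this page.

```python
from typing import Iterable, Mapping, NamedTuple, Optional


class Violation(NamedTuple):
    attribute: str
    value: str
    reason: str  # "password-in-value" or "value-in-password"


def find_substring_violation(
    password: str,
    entry: Mapping[str, Iterable[object]],
    substring_attrs: Iterable[str],
    fold_case: bool = True,  # assumption: case handling is not stated on the page
) -> Optional[Violation]:
    """Return the first listed attribute value that conflicts with the password."""
    norm = str.casefold if fold_case else (lambda s: s)
    pw = norm(password)
    for attr in substring_attrs:          # only listed attributes are checked
        for value in entry.get(attr, ()):  # attributes may be multi-valued
            # Only non-empty string values are compared, in line with the
            # advice to list attributes that have string syntaxes.
            if not isinstance(value, str) or not value:
                continue
            v = norm(value)
            if pw in v:
                return Violation(attr, value, "password-in-value")
            if v in pw:
                return Violation(attr, value, "value-in-password")
    return None


# Constructed sample entry using the attribute values shown for Craig Link.
CRAIG = {
    "cn": ["Craig LINK"],
    "description": ["Railways"],
    "title": ["Communications Engineer"],
}

if __name__ == "__main__":
    # Constructed candidate passwords, checked against the title attribute only.
    for candidate in ["Engineer", "xCommunications Engineer9", "Railways", "Tr4ck-Signal!"]:
        print(candidate, "->", find_substring_violation(candidate, CRAIG, ["title"]))
```

With only `title` listed, a password equal to the `description` value passes the check, which shows why every attribute holding guessable user details needs to be in the list.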

Example: Prevent User Details in Passwords

You have set up the following password policy in the Democorp DSA:

set password-policy = true;
set password-substring-attrs = title;

The entry for Craig Link includes the following attributes and values:

Attribute      Value
cn             Craig LINK
description    Railways
title          Communications Engineer

Craig Link cannot create the following passwords because they are substrings of the title attribute value:

He can create the following passwords:

More information:

set password-substring-attrs Command