Programming Guides › Programming Guide for Perl › CLI Policy Management Methods › CLI Password Policy Methods

CLI Password Policy Methods

AllowNestedGroups Method—Allows the Password Policy To Be Configured for Nested Groups

The AllowNestedGroups method allows the password policy to be configured for nested groups. This method applies only to LDAP directories.

Syntax

The AllowNestedGroups method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>AllowNestedGroups([groupFlag])

Parameters

The AllowNestedGroups method accepts the following parameter:

groupFlag (int)

(Optional) Specifies whether to allow nested groups:

• 1 to allow nested groups
• 0 to disallow nested groups

Return Value

The AllowNestedGroups method returns one of the following values:

• 0 if nested groups are not allowed.
• 1 if nested groups are allowed.

AllowLowerPriorityPolicies Method—Sets Flag To Determine whether Password Policies with Lower Priority Should Be Evaluated

The ApplyLowerPriorityPolicies method sets or retrieves the flag that determines whether password policies with lower priority should be evaluated after the current password policy is evaluated.

Syntax

The ApplyLowerPriorityPolicies method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>ApplyLowerPriorityPolicies([lowerPriorityFlag])

Parameters

The ApplyLowerPriorityPolicies method accepts the following parameters:

lowerPriorityFlag (int)

(Optional) Specifies whether to enable evaluation of lower-priority password policies:

• 1 enables evaluation of lower-priority password policies
• 0 disables evaluation of lower-priority password policies

Return Value

The ApplyLowerPriorityPolicies method returns one of the following values:

• A new or existing flag setting
• undef if the call is unsuccessful

AuthLoginTrackFailure Method—Allows a User To Login if Login Tracking Data Fails

The AuthLoginTrackFailure method sets or retrieves the flag for allowing a user to log in if login tracking data fails to be written to the user directory. Login tracking data includes login attempts and successful logins.

Syntax

The AuthLoginTrackFailure method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>AuthLoginTrackFailure([trackingFlag])

Parameters

The AuthLoginTrackFailure method accepts the following parameter:

trackingFlag (int)

(Optional) Specifies whether to allow the user to login when login tracking fails:

• 1 allows the user to login
• 0 does not allow the user to login

Return Value

The AuthLoginTrackFailure method returns one of the following values:

• The new or existing flag setting
• undef if the call is unsuccessful

Remarks

If you enable this flag, users are allowed to log in even if login tracking data cannot be written to the user directory. If you disable this flag, users are not allowed to log in if login tracking data cannot be written to the user directory.

BadLoginDisablementPeriod Method—Sets or Retrieves the Number of Minutes Before a User Account Is Disabled

The BadLoginDisablementPeriod method sets or retrieves the number of minutes before a user account is disabled after too many failed login attempts.

Syntax

The BadLoginDisablementPeriod method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>BadLoginDisablementPeriod([disablementPeriod])

Parameters

The BadLoginDisablementPeriod method accepts the following parameters:

disablementPeriod (int)

(Optional) Specifies the number of minutes to allow before the user account is disabled.

Return Value

The BadLoginDisablementPeriod method returns one of the following values:

• The new or existing disablement period
• undef if the call is unsuccessful

Description Method—Sets or Retrieves the Description of the Password Policy

The Description method sets or retrieves the description of the password policy.

Syntax

The Description method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>Description([policyDesc])

Parameters

The Description method accepts the following parameter:

policyDesc (string)

(Optional) Specifies the description of the password policy.

Return Value

The Description method returns one of the following values:

• The new or existing policy description
• An empty string if the call is unsuccessful.

DictionaryMatch Method—Sets the Minimum Number of Letters Required To Qualify a Password for Dictionary Checking

The DictionaryMatch method sets the minimum number of letters required to qualify a password for dictionary checking.

Syntax

The DictionaryMatch method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>DictionaryMatch([dicMatchLen])

Parameters

The DictionaryMatch method accepts the following parameter:

dicMatchLen (int)

(Optional) Specifies the minimum number of letters required.

Return Value

The DictionaryMatch method returns one of the following values:

• A new or existing minimum setting
• undef if the call is unsuccessful

DictionaryPath Method—Sets or Retrieves the Location of a Dictionary File

The DictionaryPath method sets or retrieves the location of a dictionary file that lists words that cannot be used in a password.

Syntax

The DictionaryPath method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>DictionaryPath([dicPath])

Parameters

The DictionaryPath method accepts the following parameter:

dicPath (string)

(Optional) Specifies the new dictionary path.

Return Value

The DictionaryPath method returns one of the following values:

• The new or existing dictionary path.
• undef if the call is unsuccessful

Remarks

The dictionary file must be a text file located in a directory that all Policy Servers can access.

DisableAfterInactivityExpiration Method—Disables an Inactive User's Account

The DisableAfterInactivityExpiration method sets or retrieves the flag for disabling a user's account if it has been inactive for a specified period.

Syntax

The DisableAfterInactivityExpiration method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>DisableAfterInactivityExpiration([inactivityFlag])

Parameters

The DisableAfterInactivityExpiration method accepts the following parameters:

inactivityFlag (int)

(Optional) Specifies whether to disable the user's account

1 disables the user's account after a specified period of inactivity

0 keeps the account enabled and forces a password change

Return Value

The DisableAfterInactivityExpiration method returns one of the following values:

• The new or existing flag setting
• undef if the call is unsuccessful

Remarks

If the flag is set not to disable the user's account after the inactivity period, the user is required to change the password at the next login.

DisableAfterPwdExpiration Method—Disables a User's Aaccount after the User's Password Expires

The DisableAfterPwdExpiration method sets or retrieves the flag for disabling a user's account after the user's password expires.

Syntax

The DisableAfterPwdExpiration method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>DisableAfterPwdExpiration([expireFlag])

Parameters

The DisableAfterPwdExpiration method accepts the following parameter:

expireFlag (type)

(Optional) Specifies whether to disable the user's account:

1 disable the user's account after the user's password expires

0 keeps the account enabled and forces a password change

Return Value

The DisableAfterPwdExpiration method returns one of the following values:

• The new or existing flag setting
• undef if the call is unsuccessful

Remarks

If the flag is set not to disable the user's account after the password expires, the user is required to change the password at next login.

EntireDir Method—Determines Whether the Password Policy Applies to the Entire Directory

The EntireDir method determines whether the password policy applies to the entire directory or just a part of it.

Syntax

The EntireDir method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>EntireDir([dirFlag])

Parameters

The EntireDir method accepts the following parameters:

dirFlag (int)

(Optional) Specifies whether to apply the password policy to an entire directory:

1 applies the password policy to the entire directory

0 applies the password policy to just a portion of the directory

Return Value

The EntireDir method returns one of the following values:

• 1 if the policy applies to the entire directory.
• 0 if the policy applies to part of the directory.

Remarks

For information about specifying a part of an entire directory, see the descriptions of the PolicyMgtPwdPolicy‑>UserDirPath method and the PolicyMgtPwdPolicy‑>UserDirClass method.

ExpirationDelay Method—Specifies the Number of Days a Password Can Be Used

The ExpirationDelay method specifies the number of days a password can be used until it must be changed.

Syntax

The ExpirationDelay method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>ExpirationDelay([expDelay])

Parameters

The ExpirationDelay method accepts the following parameter:

expDelay (int)

(Optional) Specifies the number of days that the password can be used.

Return Value

The ExpirationDelay method returns one of the following values:

• The new or existing number of days
• -1 if the call is unsuccessful

IsEnabled Method—Enables or Disables a Password Policy

The IsEnabled method enables or disables a password policy.

Syntax

The IsEnabled method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>IsEnabled([enableFlag])

Parameters

The IsEnabled method accepts the following parameter:

enableFlag (int)

(Optional) Specifies whether the password policy is enabled:

• 1 enables the password policy
• 0 disables the password policy

Return Value

The IsEnabled method returns one of the following values:

• 1 if the policy is enabled
• 0 if the policy is disabled

MaxLoginFailures Method—Sets or Retrieves the Maximum Number of Failed Login Attempts

The MaxLoginFailures method sets or retrieves the maximum number of failed login attempts a user can make before the user account is disabled.

Syntax

The MaxLoginFailures method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>MaxLoginFailures([maxLogin])

Parameters

The MaxLoginFailures method accepts the following parameter:

maxLogin (int)

(Optional) Specifies the number of failed login attempts.

Return Value

The MaxLoginFailures method returns one of the following values:

• The new or existing failed login attempt setting
• undef if the call is unsuccessful

MaxLoginInactive Method—Sets or Retrieves the Number of Days of Inactivity Are Allowed

The MaxLoginInactive method sets or retrieves the number of days of inactivity allowed before a user's password expires.

Syntax

The MaxLoginInactive method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>MaxLoginInactive([maxLoginInactive])

Parameters

The MaxLoginInactive method accepts the following parameters:

maxLoginInactive (int)

(Optional) Specifies the number of days of inactivity.

Return Value

The MaxLoginInactive method returns one of the following values:

• The new or existing maximum inactivity period setting
• undef if the call is unsuccessful

Name Method—Sets or Retrieves the Password Policy Name

The Name method sets or retrieves the password policy name.

Syntax

The Name method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>Name([policyName])

Parameters

The Name method accepts the following parameter:

policyName (string)

(Optional) Specifies the password policy name.

Return Value

The Name method returns one of the following values:

• The new or existing policy name
• undef if the call is unsuccessful

PwdAddRegExpMatch Method—Adds a Regular Expression to the List of Expressions that New Passwords Must Match

The PwdAddRegExpMatch method adds a regular expression to the list of expressions that new passwords must match.

Syntax

The PwdAddRegExpMatch method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdAddRegExpMatch([tag] [, expression])

Parameters

The PwdAddRegExpMatch method accepts the following parameters:

tag (string)

(Optional) Specifies the name of the regular expression.

expression (string)

(Optional) Specifies the regular expression.

Return Value

The PwdAddRegExpMatch method returns one of the following values:

• 0 if the regular expression is successfully added
• -1 if the call is unsuccessful

PwdAddRegExpNoMatch Method—Adds a Regular Expression to the List of Expressions that New Passwords Must NOT Match

The PwdAddRegExpNoMatch method adds a regular expression to the list of expressions that new passwords must not match.

Syntax

The PwdAddRegExpNoMatch method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdAddRegExpNoMatch([tag] [, expression])

Parameters

The PwdAddRegExpNoMatch method accepts the following parameters:

tag (string)

(Optional) Specifies the name of the regular expression.

expression (string)

(Optional) Specifies the regular expression.

Return Value

The PwdAddRegExpNoMatch method returns one of the following values:

• 0 if the regular expression is successfully added
• -1 if the call is unsuccessful

PwdAllowDigits Method—Specifies whether Passwords Are Allowed To Have Numeric Characters

The PwdAllowDigits method sets or retrieves the flag that specifies whether passwords are allowed to have numeric characters.

Syntax

The PwdAllowDigits method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdAllowDigits([digitFlag])

Parameters

The PwdAllowDigits method accepts the following parameter:

digitFlag (int)

(Optional) Specifies whether passwords are allowed to have numeric characters:

1 numeric characters are allowed

0 if numeric characters are not allowed

Return Value

The PwdAllowDigits method returns one of the following values:

• A new or existing flag setting
• undef if the call is unsuccessful

PwdAllowLowercase Method—Specifies whether Passwords Are Allowed To Have Lower Case Letters

The PwdAllowLowercase method sets or retrieves the flag that specifies whether passwords are allowed to have lower case letters.

Syntax

The PwdAllowLowercase method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdAllowLowercase([lcFlag])

Parameters

The PwdAllowLowercase method accepts the following parameters:

lcFlag (int)

(Optional) Specifies whether lowercase letters are allowed in passwords:

• 1 allows lowercase letters
• 0 disallows lowercase letters

Return Value

The PwdAllowLowercase method returns one of the following values:

• The new or existing flag setting
• undef if the call is unsuccessful

PwdAllowNonAlphNum Method—Specifies whether Passwords Are Allowed To Have Non-Alphanumeric Characters

The PwdAllowNonAlphNum method sets or retrieves the flag that specifies whether passwords are allowed to have non-alphanumeric characters.

Syntax

The PwdAllowNonAlphNum method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdAllowNonAlphaNum([nonAlphaNumFlag])

Parameters

The PwdAllowNonAlphNum method accepts the following parameters:

nonAlphaNumFlag (int)

(Optional) Specifies whether non-alphanumeric characters are allowed in passwords

• 1 allows non-alphanumeric characters
• 0 disallows non-alphanumeric characters

Return Value

The PwdAllowNonAlphNum method returns one of the following values:

• The new or existing flag setting
• undef if the call is unsuccessful

PwdAllowNonPrintable Method—Specifies whether Passwords Are Allowed To Have Non-Printable Characters

The PwdAllowNonPrintable method sets or retrieves the flag that specifies whether passwords are allowed to have non-printable characters. These characters cannot be displayed on a computer screen.

Syntax

The PwdAllowNonPrintable method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdAllowNonPrintable([nonPrintFlag])

Parameters

The PwdAllowNonPrintable method accepts the following parameters:

nonPrintFlag (int)

(Optional) Specifies whether non-printable characters are allowed in passwords:

• 1 allows non-printable characters
• 0 disallows non-printable characters

Return Value

The PwdAllowNonPrintable method returns one of the following values:

• The new or existing flag setting
• undef if the call is unsuccessful

PwdAllowPunctuation Method—Specifies whether Passwords Are Allowed To Have Punctuation Mark Characters

The PwdAllowPunctuation method sets or retrieves the flag that specifies whether passwords are allowed to have punctuation mark characters.

Syntax

The PwdAllowPunctuation method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdAllowPunctuation([punctuationMarkFlag])

Parameters

The PwdAllowPunctuation method accepts the following parameters:

punctuationMarkFlag (int)

(Optional) Specifies whether punctuation mark characters are allowed in passwords:

• 1 allows punctuation mark characters
• 0 disallows punctuation mark characters

Return Value

The PwdAllowPunctuation method returns one of the following values:

• The new or existing flag setting
• undef if the call is unsuccessful

PwdAllowUpperCase Method—Specifies whether Passwords Are Allowed To Have Upper Case Letters

The PwdAllowUpperCase method sets or retrieves the flag that specifies whether passwords are allowed to have upper case letters.

Syntax

The PwdAllowUpperCase method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdAllowUppercase([upperCaseFlag])

Parameters

The PwdAllowUpperCase method accepts the following parameter:

upperCaseFlag (int)

(Optional) Specifies whether upper case letters are allowed in passwords:

• 1 allows upper case letters
• 0 disallows upper case letters

Return Value

The PwdAllowUpperCase method returns one of the following values:

• The new or existing flag setting
• undef if the call is unsuccessful

PwdExpiryWarning Method—Sets or Retrieves the Number of Days in Advance To Notify the User that the Password Will Expire

The PwdExpiryWarning method sets or retrieves the number of days in advance to notify the user that the password will expire.

Syntax

The PwdExpiryWarning method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdExpiryWarning([warningDays])

Parameters

The PwdExpiryWarning method accepts the following parameters:

warningDays (int)

(Optional) Specifies the number of days of advance notice.

Return Value

The PwdExpiryWarning method returns one of the following values:

• The new or existing advance notice setting
• undef if the call is unsuccessful

PwdForceLowerCase Method—Determines whether To Convert Upper Case Letters in a New Password to Lower Case

The PwdForceLowerCase method sets or retrieves the flag that determines whether to convert any upper case letters in a new password to lower case.

Syntax

The PwdForceLowerCase method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdForceLowerCase([forceLCFlag])

Parameters

The PwdForceLowerCase method accepts the following parameters:

forceLCFlag (int)

(Optional) Specifies whether for force new passwords into lower vase:

• 1 converts any upper case letters to lower case
• 0 does not convert upper case letters

Return Value

The PwdForceLowerCase method returns one of the following values:

• The new or existing flag setting
• undef if the call is unsuccessful

PwdForceUpperCase Method—Determines whether To Convert Lower Case Letters in a New Password to Upper Case

The PwdForceUpperCase method sets or retrieves the flag that determines whether to convert any lower case letters in a new password to upper case.

Syntax

The PwdForceUpperCase method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdForceUpperCase([forceUCFlag])

Parameters

The PwdForceUpperCase method accepts the following parameters:

forceUCFlag (int)

(Optional) Specifies whether to force new passwords to use only upper case:

• 1 forces upper case
• 0 does not force upper case

Return Value

The PwdForceUpperCase method returns one of the following values:

• The new or existing flag setting
• undef if the call is unsuccessful

PwdGetAllRegExpMatch Method—Retrieves the Name Tags of the Regular Expressions that New Passwords Must Match

The PwdGetAllRegExpMatch method retrieves the name tags of all the regular expressions that new passwords must match.

Syntax

The PwdGetAllRegExpMatch method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdGetAllRegExpMatch()

Parameters

The PwdGetAllRegExpMatch method accepts no parameters.

Return Value

The PwdGetAllRegExpMatch method returns one of the following values:

• An array of name tags for the regular expressions that new passwords must match
• undef if the call is unsuccessful

PwdGetAllRegExpNoMatch Method—Retrieves the Name Tags of the Regular Expressions that New Passwords Must NOT Match

The PwdGetAllRegExpNoMatch method retrieves the name tags of all the regular expressions that new passwords must not match.

Syntax

The PwdGetAllRegExpNoMatch method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdGetAllRegExpNoMatch()

Parameters

The PwdGetAllRegExpNoMatch method accepts no parameters.

Return Value

The PwdGetAllRegExpNoMatch method returns one of the following values:

• An array of name tags for the regular expressions that new passwords must not match.
• undef if the call is unsuccessful

PwdGetRegExp Method—Retrieves the Regular Expression for the Specified Name Tag

The PwdGetRegExp method retrieves the regular expression for the specified name tag.

Syntax

The PwdGetRegExp method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdGetRegExp(tag)

Parameters

The PwdGetRegExp method accepts the following parameter:

tag (string)

Specifies the name of the regular expression to retrieve.

Return Value

The PwdGetRegExp method returns one of the following values:

• The specified regular expression
• undef if the call is unsuccessful

PwdIgnoreSequence Method—Determines whether To Ignore Sequence when Calculating the New Password

The PwdIgnoreSequence method specifies whether to ignore sequence (that is, character position) when the different-from-previous-characters percentage is calculated.

Syntax

The PwdIgnoreSequence method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdIgnoreSequence([pwdPctSeq])

Parameters

The PwdIgnoreSequence method accepts the following parameter:

pwdPctSeq (int)

(Optional) Specifies whether to ignore the sequence of characters when creating a new password:

• 1 ignores sequence when calculating the previous password difference percentage
• 0 considers sequence

Return Value

The PwdIgnoreSequence method returns one of the following values:

• 1 to ignore sequence
• 0 to consider sequence

Remarks

For example, suppose a user's previous password is BASEBALL12:

• If you set this method to 1 (ignore sequence), the user can't choose 12BASEBALL as the new password. That's because the characters are the same as in the previous password, regardless of the character sequence.
• If you set this method to 0 (consider sequence), the user can choose 12BASEBALL as the new password because the characters occur in a different sequence.

For greater security, pass 1 into this method.

PwdMaxLength Method—Sets or Retrieves the Maximum Length for User Passwords

The PwdMaxLength method sets or retrieves the maximum length for user passwords.

Syntax

The PwdMaxLength method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdMaxLength([maxPwdLength])

Parameters

The PwdMaxLength method accepts the following parameter:

maxPwdLength (int)

(Optional) Specifies the maximum password length.

Return Value

The PwdMaxLength method returns the new or existing password length setting.

PwdMaxRepeatingChar Method—Sets or Retrieves the Maximum Number of Identical Characters

The PwdMaxRepeatingChar method sets or retrieves the maximum number of identical characters that can appear consecutively in a password.

Syntax

The PwdMaxRepeatingChar method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdMaxRepeatingChar([maxPwdRepeat])

Parameters

The PwdMaxRepeatingChar method accepts the following parameter:

maxPwdRepeat (int)

(Optional) Specifies the maximum number of repeating characters.

Return Value

The PwdMaxRepeatingChar method returns the new or existing setting for repeating characters.

PwdMinAlpha Method—Sets or Retrieves the Minimum Number of Alphabetic Characters a Password Must Contain

The PwdMinAlpha method sets or retrieves the minimum number of alphabetic characters (A-Z, a-z) that a password must contain.

Syntax

The PwdMinAlpha method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdMinAlpha([pwdMinAlpha])

Parameters

The PwdMinAlpha method accepts the following parameter:

pwdMinAlpha (int)

(Optional) Specifies the minimum number of alphabetic characters required.

Return Value

The PwdMinAlpha method returns the new or existing minimum number of alphabetic characters.

PwdMinAlphaNum Method—Sets or Retrieves the Minimum Number of Alphanumeric Characters a Password Must Contain

The PwdMinAlphaNum method sets or retrieves the minimum number of alphanumeric characters (A-Z, a-z, 0-9) that a password must contain.

Syntax

The PwdMinAlphaNum method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdMinAlphaNum([pwdMinAlphaNum])

Parameters

The PwdMinAlphaNum method accepts the following parameters:

pwdMinAlphaNum (int)

(Optional) Specifies the minimum number of alphanumeric characters required.

Return Value

The PwdMinAlphaNum method returns the new or existing minimum number of alphanumeric characters.

PwdMinLength Method—Sets or Retrieves the Minimum Length for User Passwords

The PwdMinLength method sets or retrieves the minimum length for user passwords.

Syntax

The PwdMinLength method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdMinLength([minPwdLength])

Parameters

The PwdMinLength method accepts the following parameters:

minPwdLength (int)

(Optional) Specifies the minimum length for user passwords.

Return Value

The PwdMinLength method returns the new or existing minimum password length.

PwdMinLowercase Method—Sets or Retrieves the Minimum Number of Lower Case Letters a Password Must Contain

The PwdMinLowercase method sets or retrieves the minimum number of lower case letters that a password must contain.

Syntax

The PwdMinLowercase method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdMinLowercase([pwdMinLC])

Parameters

The PwdMinLowercase method accepts the following parameter:

pwdMinLC (int)

(Optional) Specifies the minimum number of lower case letters that a password must contain.

Return Value

The PwdMinLowercase method returns new or existing minimum for lower case letters.

PwdMinNonAlpha Method—Sets or Retrieves the Minimum Number of Non-Alphanumeric Characters A Password Must Contain

The PwdMinNonAlpha method sets or retrieves the minimum number of non-alphanumeric characters that a password must contain. These characters include punctuation marks and other symbols located on the keyboard, such as @, $, and *.

Syntax

The PwdMinNonAlpha method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdMinNonAlpha([pwdMinNonAlpha])

Parameters

The PwdMinNonAlpha method accepts the following parameters:

pwdMinNonAlpha (int)

(Optional) Specifies the minimum number of non-alphanumeric characters required.

Return Value

The PwdMinNonAlpha method returns the new or existing minimum number of non-alphanumeric characters.

PwdMinNonPrintable Method—Sets or Retrieves the Minimum Number of Non-Printable Characters a Password Must Contain

The PwdMinNonPrintable method sets or retrieves the minimum number of non-printable characters that a password must contain. These characters cannot be displayed on a computer screen.

Syntax

The PwdMinNonPrintable method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdMinNonPrintable([pwdMinNonPrint])

Parameters

The PwdMinNonPrintable method accepts the following parameter:

pwdMinNonPrint (int)

(Optional) Specifies the minimum number of non-printable characters required.

Return Value

The PwdMinNonPrintable method returns The new or existing minimum number of non-printable characters.

PwdMinNumbers Method—Sets or Retrieves the Minimum Number of Numeric Characters a Password Must Contain

The PwdMinNumbers method sets or retrieves the minimum number of numeric characters (0-9) that a password must contain.

Syntax

The PwdMinNumbers method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdMinNumbers([pwdMinNum])

Parameters

The PwdMinNumbers method accepts the following parameter:

pwdMinNum (int)

(Optional) Specifies the minimum number of numeric characters required.

Return Value

The PwdMinNumbers method returns the new or existing minimum number of numeric characters.

PwdMinProfileMatch Method—Specifies the Minimum Character Sequence To Check against the User's Personal Information

The PwdMinProfileMatch method specifies the minimum character sequence to check against the user's personal information.

Syntax

The PwdMinProfileMatch method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdMinProfileMatch([pwdMatchAttr])

Parameters

The PwdMinProfileMatch method accepts the following parameter:

pwdMatchAttr (int)

(Optional) Specifies the minimum number of sequential characters to check.

Return Value

The PwdMinProfileMatch method returns the new or existing minimum setting.

Remarks

For example, if this value is set to 4, SiteMinder prohibits the use of any four consecutive characters found in the user's personal information, such as the four last digits of the user's telephone number.

This field prevents a user from incorporating personal information in a password. SiteMinder checks the password against attributes in the user's directory entry.

PwdMinPunctuation Method—Sets or Retrieves the Minimum Number of Punctuation Marks a Password Must Contain

The PwdMinPunctuation method sets or retrieves the minimum number of punctuation marks that a password must contain. These characters include periods, commas, exclamation marks, slashes, hyphens, dashes, and other punctuation marks.

Syntax

The PwdMinPunctuation method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdMinPunctuation([pwdMinPunc])

Parameters

The PwdMinPunctuation method accepts the following parameter:

pwdMinPunc (int)

(Optional) Specifies the minimum number of punctuation marks required.

Return Value

The PwdMinPunctuation method returns the new or existing minimum number of punctuation marks.

PwdMinUppercase Method—Sets or Retrieves the Minimum Number of Upper Case Letters a Password Must Contain

The PwdMinUppercase method sets or retrieves the minimum number of upper case letters that a password must contain.

Syntax

The PwdMinUppercase method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdMinUppercase([pwdMinUC])

Parameters

The PwdMinUppercase method accepts the following parameter:

pwdMinUC (int)

(Optional) Specifies the minimum number of upper case letters that a password must contain.

Return Value

The PwdMinUppercase method returns the new or existing minimum for upper case letters.

PwdPercentDiff Method—Sets or Retrieves the Percentage of Different Characters a New Password Must Contain

The PwdPercentDiff method sets or retrieves the percentage of characters that a new password must contain that differ from characters in the previous password. If the value is set to 100, the new password cannot contain any characters that were in the previous password (unless the parameter PwdIgnoreSeq is set to 0).

Syntax

The PwdPercentDiff method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdPercentDiff([pwdPctDiff])

Parameters

The PwdPercentDiff method accepts the following parameter:

pwdPctDiff (int)

(Optional) Specifies the minimum percentage setting.

Return Value

The PwdPercentDiff method returns the new or existing minimum percentage setting.

PwdPolicyPriority Method—Sets or Retrieves the Password's Evaluation Priority Setting

The PwdPolicyPriority method sets or retrieves the password's evaluation priority setting (1-1000). Policies are evaluated in descending order (1000 first, 1 last).

Syntax

The PwdPolicyPriority method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdPolicyPriority([priority])

Parameters

The PwdPolicyPriority method accepts the following parameters:

priority (int)

(Optional) Specifies the evaluation priority of this password policy.

Return Value

The PwdPolicyPriority method returns new or existing evaluation priority setting.

PwdRedirectionURL Method—Sets or Retrieves the URL where the User is Redirected Example

The PwdRedirectionURL method sets or retrieves the URL where the user is redirected when an invalid password is provided. This must be the URL of the Password Services CGI.

Syntax

The PwdRedirectionURL method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdRedirectionURL([URL])

Parameters

The PwdRedirectionURL method accepts the following parameter:

URL (string)

(Optional) Specifies the redirection URL.

Return Value

The PwdRedirectionURL method returns one of the following values:

• The new or existing URL
• undef if the call is unsuccessful

PwdRemoveRegExp Method—Removes the Regular Expression Associated with the Specified Name Tag

The PwdRemoveRegExp method removes the regular expression associated with the specified name tag.

Syntax

The PwdRemoveRegExp method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdRemoveRegExp(tag)

Parameters

The method accepts the following parameter:

tag (string)

Specifies the name of the regular expression to move.

Return Value

The PwdRemoveRegExp method returns one of the following values:

• 0 on success
• -1 if the call is unsuccessful

PwdReuseCount Method—Specifies the Number of New Passwords that Must Be Used

The PwdReuseCount method specifies the number of new passwords that must be used before an old password can be reused.

Syntax

The PwdReuseCount method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdReuseCount([pwdReuseCount])

Parameters

The PwdReuseCount method accepts the following parameters:

pwdReuseCount (int)

(Optional) Specifies the password reuse setting.

Return Value

The PwdReuseCount method returns the new or existing password reuse setting.

PwdReuseDelay Method—Specifies the Number of Days a User Must Wait Before Reusing a Password

The PwdReuseDelay method specifies the number of days a user must wait before reusing a password.

Syntax

The PwdReuseDelay method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>PwdReuseDelay([pwdReuseDelay])

Parameters

The PwdReuseDelay method accepts the following parameter:

pwdReuseDelay (type)

(Optional) Specifies the password reuse delay setting.

Return Value

The PwdReuseDelay method returns the new or existing password reuse delay setting.

ReEnableAfterIncorrectPwd Method—Determines whether To Re-enable a User Account after the Entry of an Incorrect Password

The ReEnableAfterIncorrectPwd method determines whether to re-enable a user account after the entry of an incorrect password or passwords.

Syntax

The ReEnableAfterIncorrectPwd method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>ReEnableAfterIncorrectPwd([groupFlag])

Parameters

The ReEnableAfterIncorrectPwd method accepts the following parameter:

groupFlag (int)

(Optional) Specifies whether to re-enable a user account after the entry of an incorrect password:

• 0 disables the account
• 1 enables the account

Return Value

The ReEnableAfterIncorrectPwd method returns one of the following values:

• 1 if a user account should be re-enabled after entry of an incorrect password or passwords.
• 0 if a user should be allowed 1 login attempt after entry of an incorrect password or passwords.

Save Method—Saves the Password Policy to the Policy Store

The Save method saves the password policy to the policy store.

Syntax

The Save method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>Save( )

Parameters

The Save method accepts no parameters.

Return Value

The Save method returns one of the following values:

• 0 if the call is successful
• -1 if the call is unsuccessful
• -4 if the user has insufficient privileges to save the changes.
• 10 if the path and class are empty.

Remarks

Call this method once after making all the modifications to the password policy that you intend to make. This method must be called for any changes to take effect.

StripEmbeddedWhitespace Method—Determines whether To Strip New Passwords of Embedded White Space

The StripEmbeddedWhitespace method sets or retrieves the flag that determines whether to strip new passwords of embedded white space.

Syntax

The StripEmbeddedWhitespace method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>StripEmbeddedWhitespace([stripEmbeddedFlag])

Parameters

The StripEmbeddedWhitespace method accepts the following parameter:

stripEmbeddedFlag (int)

(Optional) Specifies whether to strip embedded white space from new passwords:

• 1 strips the embedded white space
• 0 includes embedded white space

Return Value

The StripEmbeddedWhitespace method returns the new or existing flag setting.

StripLeadingWhitespace Method—Determines whether To Strip New Passwords of Leading White Space

The StripLeadingWhitespace method sets or retrieves the flag that determines whether to strip new passwords of leading white space.

Syntax

The StripLeadingWhitespace method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>StripLeadingWhitespace([stripLeadingFlag])

Parameters

The StripLeadingWhitespace method accepts the following parameter:

stripLeadingFlag (int)

(Optional) Specifies whether to strip leading white space from passwords:

• 1 strips leading white space
• 0 includes leading white space

Return Value

The StripLeadingWhitespace method returns the new or existing flag setting.

StripTrailingWhitespace Method—Determines whether To Strip New Passwords of Trailing White Space

The StripTrailingWhitespace method sets or retrieves the flag that determines whether to strip new passwords of trailing white space.

Syntax

The StripTrailingWhitespace method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>StripTrailingWhitespace([stripTrailingFlag])

Parameters

The StripTrailingWhitespace method accepts the following parameter:

stripTrailingFlag (int)

(Optional) Specifies whether to strip trailing white space from passwords:

• 1 strips trailing white space
• 0 includes trailing white space

Return Value

The StripTrailingWhitespace method returns the new or existing flag setting.

TrackLoginDetails Method—Determines whether To Track Authentication Attempts and Successful Logins

The TrackLoginDetails method sets or retrieves the flag that determines whether to track authentication attempts and successful logins.

Syntax

The TrackLoginDetails method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>TrackLoginDetails([trackingFlag])

Parameters

The TrackLoginDetails method accepts the following parameter:

trackingFlag (int)

(Optional) Specifies whether to enable login tracking:

• 1 enables login tracking
• 0 disables login tracking

Return Value

The TrackLoginDetails method returns the new or existing flag setting.

UserDirClass Method—Sets or Retrieves the Directory Class if the Password Policy Applies to a Part of the Directory

The UserDirClass method sets or retrieves the directory class if the password policy applies to a part of the directory.

Syntax

The UserDirClass method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>UserDirClass([path]) 

Parameters

The UserDirClass method accepts the following parameter:

path (string)

(Optional) Specifies the directory class.

Return Value

The UserDirClass method returns the new or existing directory class.

UserDirectory Method—Sets or Retrieves the User Directory for the Password Policy

The UserDirectory method sets or retrieves the user directory for the password policy.

Syntax

The UserDirectory method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>UserDirectory([userDir])

Parameters

The UserDirectory method accepts the following parameter:

userDir (PolicyMgtUserDir)

(Optional) Specifies the user directory for the password policy.

Return Value

The UserDirectory method returns a PolicyMgtUserDir object.

UserDirPath Method—Sets or Retrieves the Directory Path if the Password Policy Applies to a Part of the Directory

The UserDirPath method sets or retrieves the directory path if the password policy applies to a part of the directory.

Syntax

The UserDirPath method has the following format:

Netegrity::PolicyMgtPwdPolicy‑>UserDirPath([path])

Parameters

The UserDirPath method accepts the following parameter:

path (type)

(Optional) Specifies the directory path.

Return Value

The UserDirPath method returns the new or existing directory path.