Defines a SiteMinder password policy object.
Syntax
typedef struct Sm_PolicyApi_PasswordPolicy_s { int iStructId; char pszOid[BFSIZE]; char pszName[BFSIZE]; /* Required */ char pszDesc[BFSIZE]; bool bEntireDir; /* Required */ bool bIsEnabled; /* Required */ char pszUserDirectoryOid[BFSIZE]; /* Required */ char pszPath[BFSIZE]; /* Required */ char pszClass[BFSIZE]; /* Required */ int nResolution; /* Required */ int nLoginMaxFailures; /* Required */ int nLoginMaxInactivity; /* Required */ int nLoginInactivityWarn; int nLoginDaysGrace; /* Required */ char pszDictionaryName[BFSIZE]; int nDictionaryPartial; /* Required */ int nExpirationDelay; /* Required */ int nReenablement; /* Required */ int nPasswordBehavior; /* Required */ char pszPasswordServicesRedirect[BFSIZE]; int nPWMaxLength; /* Required */ int nPWMinLength; /* Required */ int nPWMaxRepeatingChar; /* Required */ int nPWMinAlphaNum; /* Required */ int nPWMinAlpha; /* Required */ int nPWMinNonAlpha; /* Required */ int nPWMinNonPrintable; /* Required */ int nPWMinNumbers; /* Required */ int nPWMinPunctuation; /* Required */ int nPWReuseCount; /* Required */ int nPWReuseDelay; /* Required */ int nPWPercentDifferent; /* Required */ int nPWPercentSequence; /* Required */ int nPWSpecialsLength; /* Required */ struct Sm_PolicyApi_PasswordPolicy_s* next; int nPriority; /* Required */ int nPWMinLowerAlpha; /* Required */ int nPWMinUpperAlpha; /* Required */ int nReserved1; int nReserved2; int nReserved3; int nReserved4[BFSIZE]; } Sm_PolicyApi_PasswordPolicy_t;
Field |
Description |
---|---|
iStructId |
Password policy data structure ID, defined in Sm_PolicyApi_Structs_t. |
pszOid |
The object identifier of the password policy object. |
pszName |
Name of the password policy. |
pszDesc |
Brief description of the password policy object. |
bEntireDir |
Flag: Set to true to apply the password policy to the entire LDAP directory. |
bIsEnabled |
Flag: Set to true to enable the password policy. |
pszUserDirectoryOid |
Object identifier of the user directory to which the password policy will apply. |
pszPath |
If bEntireDir is set to false, use this field to specify the users to whom the password policy applies. For example, values you can specify include:
See nResolution for more information. |
pszClass |
If bEntireDir is set to false, use this field to specify the object class where the password policy applies. Specify the object class as understood by a particular user directory, such as organizationalUnit in LDAP or User in NT. |
nResolution |
A constant that shows how the password policy applies to the users specified in pszPath. For example:
Sm_PolicyResolution_UserGroup
Sm_PolicyResolution_GroupProp Policy resolution constants are defined in Sm_PolicyResolution_t. |
nLoginMaxFailures |
Maximum number of failed login attempts a user can make before the user account is disabled. |
nLoginMaxInactivity |
Number of days of inactivity allowed before a user's password expires. The account is not disabled until the user tries to log in after the expiration. |
nLoginInactivityWarn |
Reserved. |
nLoginDaysGrace |
Number of days in advance to notify user that the password will expire. |
pszDictionaryName |
The location of a dictionary file that lists words that cannot be used in a password. |
nDictionaryPartial |
The minimum number of letters to qualify for dictionary checking. For example, set this field to 5 to avoid checking words of 4 or fewer characters. Set this field to 0 to reject only passwords that match a word in the dictionary exactly. |
nExpirationDelay |
Number of days of inactivity allowed before user account is disabled. |
nReenablement |
Specifies the number of minutes a user must wait before attempting to log in again or before the user's account is re-enabled. The condition that applies after the nReenablement time period is determined by the following flag (which is set through nPasswordBehavior): Sm_PasswordPolicyBehavior_ |
nPasswordBehavior |
Bit mask flags expressing the behavior of the password policy, as defined in Sm_PasswordPolicyBehavior_t. You can also set recursive behavior for the password policy through the additional password behavior flag below. Use this flag to indicate that the password policy applies to the group specified in pszPath and to any groups nested within it: Sm_PolicyBehavior_Recursive_Yes All password behavior flags are defined in SmApi.h. |
pszPasswordServices |
The URL to which the user should be redirected when an invalid password is entered. This must be the URL of the Password Services CGI. |
nPWMaxLength |
The maximum length for user passwords. |
nPWMinLength |
Minimum length for user passwords. |
nPWMaxRepeatingChar |
Maximum number of identical characters that can appear consecutively in a password. |
nPWMinAlphaNum |
Minimum number of alphabetic or numeric characters (A-Z, a-z, or 0-9) that a password must contain. May be set in conjunction with PWMinAlpha or PWMinNumbers. For example, if PWMinAlphaNum and PWMinNumbers are set to 4, the password 1234 is valid. |
nPWMinAlpha |
Minimum number of alphabetic characters (A-Z, a-z) a password must contain. |
nPWMinNonAlpha |
Minimum number of non-alphanumeric characters a password must contain. These characters include punctuation marks and other symbols located on the keyboard, such as "@", "$", and "*." |
nPWMinNonPrintable |
Minimum number of non-printable characters that must be in a password. These characters cannot be displayed on a computer screen. |
nPWMinNumbers |
Minimum number of numeric characters (0-9) a password must contain. |
nPWMinPunctuation |
Minimum number of punctuation marks a password must contain. These characters include periods, commas, exclamation marks, slashes, hyphens, dashes, and other marks used for punctuation. |
nPWReuseCount |
Number of new passwords that must be used before an old one can be reused. |
nPWReuseDelay |
Number of days a user must wait before reusing a password. |
nPWPercentDifferent |
The percentage of characters a new password must contain that differ from characters in the previous password. If the value is set to 100, the new password may contain no characters that were in the previous password, unless nPWPercentSequence is set to 0. |
nPWPercentSequence |
Flag that indicates whether to ignore sequence (character position) when the different-from-previous-characters percentage is calculated. To ignore character position, set nPWPercentSequence to 1. This flag works in conjunction with nPWPercentDifferent. For examples of how this parameter works with nPWPercentDifferent, see Figure 31 on page 150. |
nPWSpecialsLength |
Specifies the minimum character sequence to check against the user's personal information. For example, if this value is set to 4, SiteMinder prohibits the use of any four consecutive characters found in the user's personal information, such as the four last digits of the user's telephone number. This field prevents a user from incorporating personal information in a password. SiteMinder checks the password against attributes in the user's directory entry. |
next |
Pointer to the next registration scheme structure. |
nPriority |
Priority of password policy, when multiple password policies apply. The value can be any integer, including a negative one. The higher number has priority over the lower number. |
nPWMinLowerAlpha |
Minimum number of lowercase alphabetic characters. |
nPWMinUpperAlpha |
Minimum number of uppercase alphabetic characters. |
Copyright © 2014 CA.
All rights reserved.
|
|