Database Administrator's Guide

Setting password requirements

To control password requirements, add SUBSYSTEM SECURITY PASSWORD to your ctsrvr.cfg configuration file.

The default values, set in accordance with 2024 NIST Special Publication 800-63B, are:

    SUBSYSTEM SECURITY PASSWORD {
        MINIMUM_LENGTH 15
        REQUIRED_CLASSES 0
        EXPIRE_IN_DAYS 0
    }

MINIMUM_LENGTH - Enforces a minimum length when setting a new password.

Default: 15

V13.0 and earlier default: 0

Maximum: 64

REQUIRED_CLASSES - Enforces a minimum number of character classes from lower case, upper case, numbers, and symbols when setting a new password.

Default: 0

EXPIRE_IN_DAYS - Passwords expire after this many days. Login attempts with an expired password fail with PWDEXP_ERR (1116). The ADMIN account is excluded from password expiration.

Default: 0 (Never expires).

Advanced notes

  • This subsystem can be specified in an encrypted server settings file using the ctcfgset utility to prevent these settings from being changed in the configuration file or at runtime.
  • If the minimum length and required classes settings are changed in the configuration file or at runtime, they do not affect existing passwords because only a hash of the password is stored. The time to expiration takes effect immediately even for existing user accounts.
  • When changing subsystem options at runtime (for example, using ctadmn), either the entire subsystem or particular subsystem options might be blocked by having been specified in a settings file. In both cases, the attempt to change the options fails with error SETO_ERR (804), even if some of the subsystem options are not blocked. If SETO_ERR occurs when specifying multiple options at runtime, check CTSTATUS.FCS for a message indicating which options are blocked and try again with just those options that are not blocked.
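An added example (not FairCom code): a small Python audit that reads the text of a ctsrvr.cfg file, works out the effective SUBSYSTEM SECURITY PASSWORD values using the defaults documented above, and reports values that are out of range or differ from those defaults. The function name, the `legacy` flag, the case-insensitive keyword matching, and the sample configuration are assumptions made for this example.

```python
import re

# Defaults and maximum as documented on this page.
DEFAULTS = {"MINIMUM_LENGTH": 15, "REQUIRED_CLASSES": 0, "EXPIRE_IN_DAYS": 0}
MAX_LENGTH = 64
# Keywords are matched case-insensitively here (an assumption of this example).
BLOCK = re.compile(r"SUBSYSTEM\s+SECURITY\s+PASSWORD\s*\{(.*?)\}", re.S | re.I)

def audit_password_policy(cfg_text, legacy=False):
    """Return (effective options, findings) for the password subsystem.

    legacy=True models a V13.0-or-earlier server, where MINIMUM_LENGTH
    defaults to 0 when it is not set.
    """
    opts = dict(DEFAULTS, MINIMUM_LENGTH=0) if legacy else dict(DEFAULTS)
    findings = []
    block = BLOCK.search(cfg_text)
    for line in (block.group(1).splitlines() if block else []):
        parts = line.split()
        if len(parts) != 2 or parts[0].upper() not in DEFAULTS:
            continue  # blank line or an option this audit does not know
        key, raw = parts[0].upper(), parts[1]
        if raw.isdigit():
            opts[key] = int(raw)
        else:
            findings.append(f"{key}: value {raw!r} is not a non-negative integer")
    if opts["MINIMUM_LENGTH"] > MAX_LENGTH:
        findings.append(f"MINIMUM_LENGTH {opts['MINIMUM_LENGTH']} exceeds the maximum of {MAX_LENGTH}")
    elif opts["MINIMUM_LENGTH"] < DEFAULTS["MINIMUM_LENGTH"]:
        findings.append(f"MINIMUM_LENGTH {opts['MINIMUM_LENGTH']} is below the current default of 15")
    for key in ("REQUIRED_CLASSES", "EXPIRE_IN_DAYS"):
        if opts[key] != DEFAULTS[key]:
            findings.append(f"{key} {opts[key]} differs from the default of 0")
    return opts, findings

# Constructed sample configuration, not taken from a real server.
SAMPLE_CFG = """
SERVER_NAME FAIRCOMS
SUBSYSTEM SECURITY PASSWORD {
    MINIMUM_LENGTH 8
    EXPIRE_IN_DAYS 90
}
"""

if __name__ == "__main__":
    effective, problems = audit_password_policy(SAMPLE_CFG)
    print(effective)
    for p in problems:
        print("FINDING:", p)
```

The audit sees only the plain-text configuration file; values placed in an encrypted settings file with ctcfgset are not visible to it.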
