To control password requirements, add SUBSYSTEM SECURITY PASSWORD to your ctsrvr.cfg configuration file.
The default values are:
SUBSYSTEM SECURITY PASSWORD {
MINIMUM_LENGTH 15
REQUIRED_CLASSES 0
EXPIRE_IN_DAYS 0
BLOCK_OLD_PASSWORD 0
PASSWORD_HASH ORIGINAL
PASSWORD_HASH_DIFFICULTY 0
}
MINIMUM_LENGTH - Enforces a minimum length when setting a new password.
Default: 15
V13.0 and earlier default: 0
Maximum: 1024
REQUIRED_CLASSES - Enforces a minimum number of character classes from lower case, upper case, numbers, and symbols when setting a new password.
Default: 0
EXPIRE_IN_DAYS - Passwords to expire after this many days. Login attempts will fail with PWDEXP_ERR (1116). The ADMIN account is excluded from password expiration.
Default: 0 (Never expires).
BLOCK_OLD_PASSWORDS - When a non-zero number (N), password change attempts that reuse any of the N previous passwords for a user will fail with error PASSWORD_BLOCKLIST_ERR(1256).
Default: 0 (No check).
PASSWORD_HASH - In V13.0.4 onwards, allows setting the hash function used when generating new entries in the password database.
Default: ORIGINAL (SHA2-512 hash scheme)
PASSWORD_HASH_DIFFICULTY - In v13.0.4 onwards, sets a scaling factor for PASSWORD_HASH values.
Default: Depends on PASSWORD_HASH value.
Advanced notes