My webMethods Server 10.15 | My webMethods Server Webhelp | Administering My webMethods Server | System Administrator Functions | Managing Security | Using Password Complexity Policies
 
Using Password Complexity Policies
 
Adding Custom Password Complexity Policies
A password complexity policy enforces requirements that make user passwords more resistant to brute-force attacks. You can create a password complexity class and add it to My webMethods Server for use with the system directory service. You cannot use this function for external directory services.
My webMethods Server includes an out-of-the-box password complexity policy class, the DefaultSystemPasswordComplexityPolicy, which is not enabled by default. The default password complexity enforces the following requirements to all system user passwords:
*Minimum password length of three symbols;
*Maximum password length of 64 symbols;
*Maximum three identical or sequential characters in a row, for example aaa or 123.
You can enable the default password complexity policy, or configure your custom password complexity implementations as follows:
*To configure a password complexity policy for My webMethods Server
1. Log in to My webMethods Server and go to the Properties page of the system directory service:
*As SysAdmin: Administration Dashboard > User Management > Directory Services Administration
*As My webMethods Administrator: Navigate > Applications > My webMethods > Directory services
2. On the Directory Services page, click the system directory service.
3. In the Password Complexity Class field under Security Information, select one of the following:
*com.webmethods.portal.service.dir.impl.DefaultSystemPasswordComplexityPolicy - to use the built-in option for password complexity.
*Other - to supply the fully qualified name of the class that contains your custom password complexity policy.
4. Click Apply.