Configure password quality
IBM Security Verify Access makes use of the PAM password quality checking module (pam_pwquality) for accounts which are used to access the local management interface. For ISAM environments established on version 10.0.0 or newer, the default password quality policy is:
Advanced tuning parameter Value password.policy minlen=8 dcredit=1 ucredit=1 lcredit=1
For ISAM environments established on earlier versions, password quality checking is not performed unless the password.policy tuning parameter is added manually.
When Password Quality checking is performed
Password quality checking is performed for the default admin account during any password change operation or for any System Account when the account is created or a password change operation is taking place.
Events which set a password using non-interactive methods such as silent configuration or bootstrapping processes when deploying in cloud environments are not subject to the password quality checking.
Configure Password Strength Rules
The password quality policy is configured by setting or modifying the Advanced Tuning Parameter password.policy. The expected format of this parameter is a series of key-value pairs corresponding to pam_pw quality options.
To disable password quality checking, remove the Advanced Tuning Parameter password.policy.
Supported options
The following options from the pam_pw quality module can be used when authoring a password policy:
- minlen
- dcredit
- ucredit
- lcredit
- ocredit
- minclass
- maxrepeat
- maxclassrepeat
Dictionary-based checking is not supported.
Parent topic: System settings