Password strength

The password strength module validates the strength of new passwords.

This module is started by a password change operation, which is initiated by the /pkmspasswd command. It evaluates the new password against an XSLT rule to determine whether the new password meets the configured criteria.

ISAM uses the password strength rules configured by this module in addition to the password policy rules that are set in pdadmin to evaluate each password. The new password must meet both the password policy settings and the XSLT rules that are imposed by this module.

• Password strength validation rule language
  Extensible Style Language (XSL) specifies rules. Extensible Markup Language (XML) is the language for the data. It forms an input to the rules. The combination of XML and XSL provides a platform-independent method of expressing both the inputs to the rules evaluator and the rules themselves.
• UMI XML document model
  The Universal Management Infrastructure XML document model (UMI XML model) is a set of restrictions that are placed on the XSL or XML model by the password strength validation rules implementation. This model enables the interface to be both simple and functional for password strength validation purposes.
• Containers and XML UMI container names
  When data is requested from a resource manager, the granularity of the returned XML data is at the level of a single container of information. The container is normally also the smallest data element, for example, elements that might be considered for billing purposes.
• XML password strength validation model
  The following UMI XML document shows the data passed to the XSL processor from the rules evaluator during the evaluation of a password strength validation rule.
• Password strength rules evaluator
  The evaluator evaluates password strength rules in the constraints required by the password strength validation engine. A configuration file that we specify supplies the pre-configured rules to the password strength validation module.
• Enable password strength validation
  The password strength validation module is disabled by default. We must enable it before we can validate Whether a new password meets the configured criteria.
• Password strength validation attributes
  We can use these attributes in the password strength validation rules.

Parent topic: Advanced authentication methods

Related concepts

• Multiplexing proxy agents
• Switch user authentication
• Reauthentication
• Authentication strength policy (step-up)
• External authentication interface
• Client Certificate User Mapping
• Authenticated User Mapping
• External user mapping