Enabling password strength validation

The password strength validation module is disabled by default. We must enable it before we can validate whether a new password meets the configured criteria.

1. Access the local management interface to configure an XSLT rules file to define the password strength rules. The following steps use password-rules.xslt as an example.
2. Select Web > Global Settings > Password Strength from the top menu. The Password Strength management page displays.
3. Take one of the following actions:
   • If rules files exist, select the file to enable, such as password-rules.xslt, from the available list of File Names.
   • If no rules files exist:
     1. Click New to create a new rules file.
     2. Enter a name for the new file such as password-rules.xslt.
     3. Click Save. The system generates a new file that is based on the default template.
4. Click Edit.
5. Update the file to reflect the rules you want to set.
6. Click Save.
7. Access the WebSEAL configuration file for your instance.
8. Update the [password-strength] stanza in the WebSEAL configuration file as follows:

   [password-strength]
   rules-file = file 
   debug-level = level

   where:

   file

   Name of the rules file for the password strength validation module.

   level

   Controls the trace level for the module.

   [password-strength]  
   rules-file = password-rules.xslt
   debug-level = 5

   The level variable indicates the trace level; 1 designates a minimal amount of tracing, and 9 designates the maximum. The Security Verify Access pdadmin trace command also modifies the trace level by using the trace component name of pd.cas.pwdstrength. This trace component is only available after the first change password operation is processed.

Parent topic: Password strength