KCM Repository Administrator GuideAdminister KCM RepositoryAdministrative tasksConfigure the password policyAdjust the password policy settings

Adjust the password policy settings

Open the itprep.ini file and adjust the following settings, if necessary.

All values given in the following examples represent the default values.

  1. Password length settings

    You can change the minimum acceptable length of a password with the MinPasswordLength setting. 

    [Security] 
MinPasswordLength=12

    With the MinSafePasswordLength setting, you can define the minimum password length for which the requirement of three different characters types is omitted. 

    [Security] 
MinSafePasswordLength=20

    If MinSafePasswordLength is set to 0, all passwords require three different character types regardless of their length. If this setting is set to a value less than or equal to MinPasswordLength, passwords that satisfy the minimal length requirement do not need three different character types.

    Example 1 

    [Security]
MinPasswordLength=12
MinSafePasswordLength=20

    This example allows "a really long password" (22 characters) and "TestPassw0rd" (12 characters, 3 character types) but does not allow "testpassword" (12 characters, 1 character type).

    Example 2 

    [Security] 
MinPasswordLength=12 
MinSafePasswordLength=0

    This example allows "TestPassw0rd" (12 characters, 3 character types) but does not allow "testpassword" (12 characters, 1 character type) and "a really long password" (24 characters, 1 character type).

    Example 3 

    [Security]
MinPasswordLength=12
MinSafePasswordLength=12

    This example allows "a really long password" (24 characters), "TestPassw0rd" (12 characters, 3 character types), and "testpassword" (12 characters, 1 character type).

  2. Password reuse setting

    With the PasswordReuseAge setting, you can configure the number of months that an old password is retained and forbidden to be reused. 

    [Security]
PasswordReuseAge=12

    If PasswordReuseAge is set to 0, it disables password reuse memory.

  3. Lockout count setting

    With the MaxFailedLogins setting, you can configure the number of times a user can provide wrong password before the user's account is locked out. If MaxFailedLogins is set to 0, the user account is never locked out due to providing the wrong password. 

    [Security] 
MaxFailedLogins=5

  4. Failed logon delay setting

    When a logon attempt fails, there is a waiting period measured in seconds before it can be attempted again. You can configure this waiting period with FailedLoginDelay.The value of FailedLoginDelay should be at least 0 and at most 15. 

    [Security] 
FailedLoginDelay=3

Restart the KCM Repository Server and Content Management API after changing these settings in the itprep.ini file.