Defining a Password Policy

The repository administrator is responsible for defining a password policy to ensure that passwords are sufficiently secure and are changed at appropriate intervals. The password policy governs only users who are not managed by LDAP.

  1. Connect to the repository and select Repository > Administration > Password Policy (or right-click the root node, and select Properties to open the repository property sheet, and then click the Passwords tab).
  2. Select policy settings as appropriate:
    Setting: Description
    Password length: Specifies the minimum and maximum permitted length of passwords. This option cannot be disabled. The minimum length for a password is 6 characters.
    Password must contain: Specifies that passwords must contain at least one of each of the character types selected.
    Disallow reuse of previous x passwords: Prevents users from reusing the specified number of old passwords.
    Enforce changing of passwords after x days: Requires that users change their passwords after the specified number of days.
    Block inactive users after x days without connection: Blocks users if they try to log in after the specified number of days of inactivity.
    Temporarily block users for x minutes after y failures to log in: Blocks users for the specified number of minutes if they submit an invalid combination of username and password the specified number of times.
    Temporary passwords issued by an administrator are valid for x days: Specifies the period for which temporary passwords (which are issued when a user is created or unblocked) are valid. Users attempting to use a temporary password after this time will be blocked.
  3. Click OK to save your changes.
    Changes made to the policy take effect immediately. If your policy becomes more restrictive, users whose passwords are no longer compliant will be instructed to change their password when next they connect.
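
The following added example (not part of the original page, and not the product's own code) models the settings above so that a chosen combination of values can be tested against sample passwords and accounts before it is applied. The field names, the four character classes, the default values and the order of the login checks are assumptions.

```python
import hashlib, hmac, string
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed character classes; the page does not list the selectable types.
CLASSES = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
           "digit": string.digits, "special": string.punctuation}

@dataclass
class Policy:                       # all defaults are constructed sample values
    min_len: int = 6                # page: minimum length is 6 characters
    max_len: int = 64
    must_contain: tuple = ("lower", "upper", "digit")
    history: int = 3                # disallow reuse of previous x passwords
    max_age_days: int = 90          # enforce change after x days
    inactive_days: int = 60         # block after x days without connection
    lock_minutes: int = 15          # temporary block for x minutes ...
    lock_failures: int = 5          # ... after y failed logins
    temp_valid_days: int = 2        # lifetime of administrator-issued passwords

def pw_hash(password: str, salt: bytes) -> bytes:
    # Password history is kept as salted hashes, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_new_password(p: Policy, password: str, salt: bytes, old_hashes: list) -> list:
    """Return the names of the policy rules the candidate password violates."""
    problems = [] if p.min_len <= len(password) <= p.max_len else ["length"]
    problems += [c for c in p.must_contain if not set(password) & set(CLASSES[c])]
    recent = old_hashes[-p.history:] if p.history else []
    candidate = pw_hash(password, salt)
    if any(hmac.compare_digest(candidate, h) for h in recent):
        problems.append("reuse")
    return problems

def login_state(p: Policy, now, last_login, pw_set, is_temp, failures) -> str:
    """failures: timestamps of consecutive failed logins, oldest first."""
    if (len(failures) >= p.lock_failures
            and now - failures[-1] < timedelta(minutes=p.lock_minutes)):
        return "temporarily_blocked"
    if now - last_login > timedelta(days=p.inactive_days):
        return "blocked_inactive"
    if is_temp and now - pw_set > timedelta(days=p.temp_valid_days):
        return "blocked_temp_expired"
    if not is_temp and now - pw_set > timedelta(days=p.max_age_days):
        return "must_change_password"
    return "ok"
```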