In the Password Security View, which you can open from the Administration Perspective launch panel, you can change password specific settings like:
Figure: Password Security View
The section Password Encryption describes how password encryption can be enabled or disabled.
In case Enable Strong Passwords is enabled, the following select boxes are available:
Figure: Setting Password Strength
The value range for each field is from 0 - 6. Click on the drop-down list to choose one of these values:
Figure: Select a Value.
In case Require Unique Password is enabled, the following selection fields are enabled:
Figure: Password Reuse
Values are provided from 0 - 6. Click on the drop down selection list to choose one of these values:
Figure: Select a Value.
In case Force Periodic Password Change is enabled, the following entry fields are provided:
Figure: Password Expiration Policy Settings
In the Maximum Password Age entry field, a value can be entered to determine the maximum time a password is valid. Default value is 90 days and allowed value range is 1-999
Users having the administration role do not get expired.
The Send notification e-mail x days prior to password expiration entry field value determines the number of days, a user should be informed before the password expires. In case the value is set to 0 no notifications is sent. The default value is 3 days. The allowed value range is 0-999
You can provide the URL for the portal login page via the property Security.Password.LoginDialogUrl in your carnot.properties file. In case this property is set, the provided URL will be added to your notification mail.
The period to send these notification mails is set to once per day per default. In case you like to change this period, set the property system.daemon.PasswordNotifier.Periodicity in your server-side carnot.properties file to the number of days you like to start the notification after the last pass.
After the user password has expired, the account is put into a limited mode for a period of days where the user is still able to access the system only for changing the expired password. After this period is expired, the account will be deactivated and administrative action is required to re-activate it again. You have the option to set the number of these days to disable accounts after the password has expired.
In the Disable account x days after password expiration entry field, you can enter the number of days the account will be disabled after the official password expiration. Set value -1 to disable this feature. This is the default value. The allowed value range is 0-999
Click Save to apply all changes.
A dialog opens to confirm to save the password security settings:
Figure: Confirmation Dialog
In case the saving has been performed successfully, a notification dialog opens:
Figure: Save Information Dialog
Per default, password encryption is disabled. To determine that password encryption is enabled, you can set the property Security.Password.Encryption in your server-side carnot.properties file to true.
This property should only be set once, otherwise the passwords are not readable anymore.
If this property is set to
true, the Password Encryption
checkbox is enabled. Note that you cannot edit the field.
Figure: Password Encryption
You have the option to retrieve encrypted passwords from a file by using the console or sysconsole command provided by Infinity Process Platform. Please refer to the chapters Sysconsole Command and Console Command of the Infinity Process Platform Documentation - Operation Guide Sysconsole Command and Console Command in the Operation Guide of the Developers Handbook for detailed information on the appropriate commands and necessary parameters.