Password Policy Commands

getpasswordpolicy

Returns the password policy for the account. The accountID is required for Appliance customers..

getpasswordpolicy {account_ID} 

Example Results:

Executing command: getpasswordpolicy
Password Policy is: description: Passwords must be 8 characters in length and 
contain at least one number, regEx: , minLen: 8, maxLen: 0, mixedCase: False, 
special: False, numeric: True, nousername: True, changeonfirstuse: True, 
history: 0, expiration: 0, hashalgorithm: base, maxfailedloginattempts: 3, 
failedloginwindow: 20

For Account Administrators only.

removeaccountoverrideparameter

Removes the override parameter for this account from the list of allowed account override parameters. If no such parameter exists, command will inform that in the result.

removeaccountoverrideparameter [parametername]

setaccountoverrideparameter

Sets the value for allowed account override parameter for the current logged in account admin user's account. Existing values will be replaced. For example, setting the parameter DISABLE_USER_SEARCH_IN_SPACE to true disables autocomplete for searches.

setaccountoverrideparameter [parameter name] [parameter value]

setpasswordpolicy

Sets the password policy for the account. The accountID is required for Appliance installations. Each time you run setpasswordpolicy it fully replaces the pre-existing policy.

By default, the minimum requirements for passwords include: all passwords must be a minimum of 6 characters in length, cannot be the username, and cannot contain sequences or repeated characters or be commonly-used passwords.

For Account Administrators only.

setpasswordpolicy "policy_options" "description" "{regular_expression}" {accountID} 
Parameters
  • Policy_options is a comma-separated list of key-value pairs, enclosed in double quotes. There are no spaces between the pairs and commas. Keys are:
    • minlength: Minimum password length. Cannot be set to less than 6.
    • maxlength: Maximum password length.
    • containsmixedcase: true/false; Must contain both upper and lower case characters.
    • containsspecial: true/false; Must contain at least one special character.
    • containsnumeric: true/false; Must contain at least one numeric character.
    • doesnotcontainusername: true/false. Must not contain the user name string.
    • historylength: Number of passwords that cannot be repeated.
    • expirationdays: Number of days until password expires. The expiration time is determined by the delta of the time when a user logs in and the time of the user's last password change. The last password change date for a new user is the date when the user was created.
    • changeonfirstuse: true/false; Force user to change password on first login. This is useful for ensuring that user passwords are private.
    • maxfailedloginattempts: Maximum number of failed login attempts allowed before user is locked out (defaults to 5).
    • failedloginwindow: Time in minutes before a user account is unlocked after the maxfailedloginattempts has been reached (defaults to 10 minutes).
    • description is a text field enclosed in double quotes. Describe your new policy here.
    • regular expression optionally allows you to require a specific character. For example, a regular expression could require all passwords to start with a number: ^[0-9]. For another example, to require at least one lower case character: [a-z]+. Otherwise, leave it blank, but enter the double quotes.
    • accountID is required for Appliance accounts. It does not require double quotes.

      Example:

      setpasswordpolicy "minlength=8,containsnumeric=true,historylength=5,expirationdays=30,changeonfirstuse=true,maxfailedloginattempts=3,failedloginwindow=20" "Passwords must be 8 characters in length and contain at least one number" ""

testpassword

Test a password against the account password policy. The accountID is required for Appliance customers.

testpassword password username {accountID}

Example:

testpassword s3kr1T user1@company.com 

For Account Administrators only.