Password policy
The password policy applies to all passwords in IBM Security Guardium Key Lifecycle Manager, for example, passwords for users, export files, backup files, and replication backup files. The policy is specified in the SKLM_DATA/config/TKLMPasswordPolicy.xml file.
The policy does not apply to the initial passwords that are created for default users such as SKLMAdmin. These default users are created during IBM Security Guardium Key Lifecycle Manager installation.
The password policy applies to changes to passwords for default users, and to new and changed passwords for new users. Policy checking is done only when you create or change a user profile. You must assign a role to a new user before that user attempts to log in to IBM Security Guardium Key Lifecycle Manager.
PasswordPolicy enabled="true"
For more information, see Changing the password policy.
Rule | Default value |
---|---|
Minimum length | 8 |
Maximum length | 20. Note: Ensure that the value does not exceed 127. |
Minimum number of numeric characters | 2 |
Minimum number of alphabetic characters | 3 |
Maximum number of consecutive occurrences of the same character | 2 |
Upper-case characters | At least 1. Note: This is a non-configurable rule. |
Lower-case characters | At least 1. Note: This is a non-configurable rule. |
Special characters. For more information, see https://www.ibm.com/support/pages/supported-special-characters-ibm-security-key-lifecycle-manager-passwords. Note: The special character requirement is not enforced when the imcl tool is used for silent installation. | Allowed: ~@_/+: Disallowed: `!#$%^&*()=}{][|"';?.<,>- |
Disallow the presence of the user ID* in the password | Enabled |
Disallow the presence of the user name* in the password | Enabled |
* Detection of this value is case-sensitive.
CaseInsensitive
for the user ID and user name:
<?xml version="1.0" encoding="UTF-8"?>
<PasswordPolicy enabled="true" name="Password policy for TKLM"
uuid="" version="1.0">
<Description />
<PasswordRules><![CDATA[<?xml version="1.0" encoding="UTF-8"?>
<PasswordRuleSet version="1.0">
<MinLengthConstraint Min="8"/>
<MaxLengthConstraint Max="20"/>
<MaxSequentialChars Max="2"/>
<MinAlphabeticCharacters Min="3"/>
<MinDigitCharacters Min="2"/>
<MayNotContain CharList="`!#$%^&amp;*()=}{][|&quot;';?.&lt;,&gt;-"/>
<MustContain CharList="~@_/+:"/>
<NotUserID/>
<NotUserName/>
</PasswordRuleSet>
]]></PasswordRules>
</PasswordPolicy>
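The following added example (not IBM code) reads the two-level policy file shown above and reports which rules a candidate password breaks, which is useful for pre-checking passwords generated by automation. The function name `violations` and the sample user values are hypothetical, and the sketch assumes that `MustContain` means at least one character from its list, that `MaxSequentialChars` is the repeated-character limit from the table, and that the upper-case and lower-case rules are hard-coded because the table marks them as non-configurable.

```python
import xml.etree.ElementTree as ET
from itertools import groupby

# Constructed input: the default policy from this page. XML-special characters
# in CharList are written as entities so that the inner rule set parses.
POLICY = b"""<?xml version="1.0" encoding="UTF-8"?>
<PasswordPolicy enabled="true" name="Password policy for TKLM"
uuid="" version="1.0">
<PasswordRules><![CDATA[<?xml version="1.0" encoding="UTF-8"?>
<PasswordRuleSet version="1.0">
<MinLengthConstraint Min="8"/>
<MaxLengthConstraint Max="20"/>
<MaxSequentialChars Max="2"/>
<MinAlphabeticCharacters Min="3"/>
<MinDigitCharacters Min="2"/>
<MayNotContain CharList="`!#$%^&amp;*()=}{][|&quot;';?.&lt;,&gt;-"/>
<MustContain CharList="~@_/+:"/>
<NotUserID/>
<NotUserName/>
</PasswordRuleSet>
]]></PasswordRules>
</PasswordPolicy>"""

def violations(password, user_id, user_name, policy=POLICY):
    """Return the names of the rules that `password` breaks (empty = compliant)."""
    # The rule set is a second XML document carried as CDATA text in the first.
    rules = ET.fromstring(ET.fromstring(policy).findtext("PasswordRules").strip().encode())
    num = lambda tag, attr: int(rules.find(tag).get(attr))
    chars = lambda tag: set(rules.find(tag).get("CharList"))
    longest = max((len(list(g)) for _, g in groupby(password)), default=0)
    checks = {
        "MinLengthConstraint": len(password) >= num("MinLengthConstraint", "Min"),
        "MaxLengthConstraint": len(password) <= num("MaxLengthConstraint", "Max"),
        "MaxSequentialChars": longest <= num("MaxSequentialChars", "Max"),
        "MinAlphabeticCharacters": sum(c.isalpha() for c in password) >= num("MinAlphabeticCharacters", "Min"),
        "MinDigitCharacters": sum(c.isdigit() for c in password) >= num("MinDigitCharacters", "Min"),
        "MayNotContain": not (set(password) & chars("MayNotContain")),
        "MustContain": bool(set(password) & chars("MustContain")),  # assumed: at least one
        "UpperCase": any(c.isupper() for c in password),  # fixed rule, not in the XML
        "LowerCase": any(c.islower() for c in password),  # fixed rule, not in the XML
        # Case-sensitive substring match, as the table footnote states.
        "NotUserID": rules.find("NotUserID") is None or user_id not in password,
        "NotUserName": rules.find("NotUserName") is None or user_name not in password,
    }
    return [name for name, ok in checks.items() if not ok]
```

Because the default match is case-sensitive, `violations("JSMITH_a1b2", "jsmith", "John Smith")` returns an empty list even though the password contains the user ID in a different case.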