DS 7.3.4

Dictionary Password Validator

The Dictionary Password Validator determines whether a proposed password is acceptable based on whether the given password value appears in a provided dictionary file.

A large dictionary file is provided with the server, but the administrator can supply an alternate dictionary. In this case, then the dictionary must be a plain-text file with one word per line.

Parent

The Dictionary Password Validator object inherits from Password Validator.

Dictionary Password Validator properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

case-sensitive-validation
check-substrings
dictionary-file
enabled
min-substring-length
test-reversed-password

java-class

Basic properties

Use the --advanced option to access advanced properties.

case-sensitive-validation

Synopsis

Indicates whether this password validator is to treat password characters in a case-sensitive manner.

Description

If it is set to true, then the validator rejects a password only if it appears in the dictionary with exactly the same capitalization as provided by the user.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

check-substrings

Synopsis

Indicates whether this password validator is to match portions of the password string against dictionary words.

Description

If "false" then only match the entire password against words otherwise ("true") check whether the password contains words.

Default value

true

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

dictionary-file

Synopsis

Specifies the path to the file containing a list of words that cannot be used as passwords.

Description

It should be formatted with one word per line. The value can be an absolute path or a path that is relative to the OpenDJ instance root.

Default value

None

Allowed values

The path to any text file contained on the system that is readable by the server.

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

enabled

Synopsis

Indicates whether the password validator is enabled for use.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

min-substring-length

Synopsis

Indicates the minimal length of the substring within the password in case substring checking is enabled.

Description

If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords.

Default value

5

Allowed values

An integer.

Lower limit: 0.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

test-reversed-password

Synopsis

Indicates whether this password validator is to test the reversed value of the provided password as well as the order in which it was given.

Description

For example, if the user provides a new password of "password" and this configuration attribute is set to true, then the value "drowssap" is also tested against attribute values in the user’s entry.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the password validator implementation.

Default value

org.opends.server.extensions.DictionaryPasswordValidator

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.PasswordValidator

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

Copyright © 2010-2024 ForgeRock, all rights reserved.