Directory Services 7.4.3

Similarity Based Password Validator

The Similarity Based Password Validator determines whether a proposed password is acceptable by measuring how similar it is to the user’s current password.

In particular, it uses the Levenshtein Distance algorithm to determine the minimum number of changes (where a change may be inserting, deleting, or replacing a character) to transform one string into the other. It can be used to prevent users from making only minor changes to their current password when setting a new password. Note that for this password validator to be effective, it is necessary to have access to the user’s current password. Therefore, if this password validator is to be enabled, the password-change-requires-current-password attribute in the password policy configuration must also be set to true.

Parent

The Similarity Based Password Validator object inherits from Password Validator.

Similarity Based Password Validator properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

enabled
min-password-difference

java-class

Basic properties

Use the --advanced option to access advanced properties.

enabled

Synopsis

Indicates whether the password validator is enabled for use.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

min-password-difference

Synopsis

Specifies the minimum difference of new and old password.

Description

A value of zero indicates that no difference between passwords is acceptable.

Default value

None

Allowed values

An integer.

Lower limit: 0.

Upper limit: 2147483647.

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the password validator implementation.

Default value

org.opends.server.extensions.SimilarityBasedPasswordValidator

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.PasswordValidator

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

Copyright © 2010-2024 ForgeRock, all rights reserved.