PingDirectory

Configuring password validators for updates

Password policies contain the following properties for configuring the set of password validators that are invoked for add operations, modify operations, and password modify extended operations.

password-validator

The set of password validators that should be invoked. Zero or more validators can be configured.

skip-validation-for-administrators

Indicates whether to allow administrators to set passwords that do not satisfy the password validation requirements.

No validators are included in the out-of-the-box configuration for the default password validator. Unless the --allowWeakRootUserPassword argument is provided when running setup, or the equivalent option is chosen when setting up the server in interactive mode, the passwords for root users and topology administrators are subject to the following requirements:

  • The password must contain at least 12 characters.

  • The password must not be contained in a dictionary of common words in various languages

  • The password must not be contained in a dictionary of commonly used passwords

The skip-validation-for-administrators property is false by default in both the default password policy and the policy for root users and topology administrators.