Setting the complexity and minimum length of passwords for local accounts

Overview

Even though Nexthink recommends externally managed accounts for improved security, you may still need to create local accounts for API users or for testing purposes.

To prevent central administrators from assigning weak passwords to local accounts, configure complexity criteria such as the minimum length of the password and the types of characters that the password must include. These will be verified when adding new users to the system or when updating the password of an existing user.

The default minimum length of a password is 8 characters and a minimum of three other complexity criteria must be met. These limits do not apply to accounts whose password is externally managed (SAML or Active Directory accounts).

Required types of characters in local passwords

By default, a local password must fulfil at least three out of the four following complexity criteria on the type of characters included:

  • 1 uppercase letter

  • 1 lowercase letter

  • 1 digit

  • 1 special character

Where the configurable list of special characters is:

!"#$%&'()*+,-./:;<=>?@[]^_`{|}~

And the number of complexity criteria to fulfill is configurable as well.

Setting the minimum length and complexity criteria

To change the minimum length and other complexity criteria for passwords of local accounts:

  1. Log in to the CLI of the Portal appliance.

  2. Optional: If the Portal has no configuration file yet, that is, if portal.conf does not exist in folder /var/nexthink/portal/conf, create it by copying the defaults from the sample configuration file: sudo -u nxportal cp /var/nexthink/portal/conf/portal.conf.sample \ /var/nexthink/portal/conf/portal.conf

  3. Edit the Portal configuration file: sudo vi /var/nexthink/portal/conf/portal.conf

  4. Press G to go to the end of the file.

  5. Press o to insert a new line.

  6. Type in the following line to change the default value to 12, for example:globalconfig.portal.user.password.min-length = 12

  7. Type in the following line to change the default number of default complexity criteria that a password must fulfil to all 4, for example: globalconfig.portal.user.password.number-of-criteria = 4

  8. Type in the following line to explicitly set the default list of special characters:globalconfig.portal.user.password.special-characters = " !\"#$%&'()*+,-./:;<=>?@[]^_`{|}~"

  9. Press Esc to stop editing.

  10. Save your changes and exit by typing: :wq

  11. Restart the Portal to apply your settings: sudo systemctl restart nxportal


RELATED TASK

Last updated