Password Policy Rules

Connectware allows defining specific password policy rules by setting an environment variable CYBUS_AUTH_PASSWORD_POLICY_RULES before startup (see Environment Variables). This variable must contain string defining a JSON object with the following properties:

• min - The minimum number of characters a password must contain.

• lower - The minimum number of lower-case letters a password must contain. (example: abcö)

• upper - The minimum number of upper-case letters a password must contain. (example: ABCDÜ)

• numeric - The minimum number of digit numbers a password must contain. (example: 123)

• symbol - The minimum number of symbol or punctuation characters a password must contain. (example: $#*?+~.)

Examples: {"min": 5} (default), {"min": 16}, {"min": 8, "upper": 2, "lower": 2, "numeric": 1}

Each of the properties can be set to one integer value. Each property is optional in the JSON object. If any value is zero, the respective rule is disabled and ignored. The character classes are checked using the “Unicode Regular Expression” category properties. For details on the exact definition of the character classes, see https://unicode.org/reports/tr18/#General_Category_Property .

The environment variable will be checked at start-up. If there is a misconfiguration, for example a syntax error in the JSON object, the auth-server container will not start and print a corresponding error message in its logs.

The default password policy rule is {"min": 5}, requiring a minimum length of 5 characters for each password.