Metrics Engine Documentation Index
Configuration Reference Home

Dictionary Password Validator

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact UnboundID support in order to understand the potential impact of that change.

The Dictionary Password Validator determines whether a proposed password is acceptable based on whether the given password value appears in a provided dictionary file.

A large dictionary file is provided with the server, but the administrator can supply an alternate dictionary. In this case, then the dictionary must be a plain-text file with one word per line.

Parent Component
Properties
dsconfig Usage

Parent Component

The Dictionary Password Validator component inherits from the Password Validator

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
↓ description  None
↓ enabled
↓ dictionary-file
↓ case-sensitive-validation
↓ test-reversed-password

Basic Properties

description

Description
A description for this Password Validator
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether the password validator is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

dictionary-file

Description
Specifies the path to the file containing a list of words that cannot be used as passwords. It should be formatted with one word per line. The value can be an absolute path or a path that is relative to the Metrics Engine instance root.
Default Value
For Unix and Linux systems: config/wordlist.txt. For Windows systems: config\wordlist.txt
Allowed Values
Unknown
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

case-sensitive-validation

Description
Indicates whether this password validator is to treat password characters in a case-sensitive manner. If it is set to true, then the validator rejects a password only if it appears in the dictionary with exactly the same capitalization as provided by the user.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

test-reversed-password

Description
Indicates whether this password validator is to test the reversed value of the provided password as well as the order in which it was given. For example, if the user provides a new password of "password" and this configuration attribute is set to true, then the value "drowssap" is also tested against attribute values in the user's entry.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Password Validators:

dsconfig list-password-validators
     [--property {propertyName}] ...

To view the configuration for an existing Password Validator:

dsconfig get-password-validator-prop
     --validator-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Password Validator:

dsconfig set-password-validator-prop
     --validator-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Dictionary Password Validator:

dsconfig create-password-validator
     --validator-name {name}
     --type dictionary
     --set enabled:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Password Validator:

dsconfig delete-password-validator
     --validator-name {name}