Metrics Engine Documentation Index
Configuration Reference Home

Similarity Based Password Validator

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact UnboundID support in order to understand the potential impact of that change.

The Similarity Based Password Validator determines whether a proposed password is acceptable by measuring how similar it is to the user's current password.

In particular, it uses the Levenshtein Distance algorithm to determine the minimum number of changes (where a change may be inserting, deleting, or replacing a character) to transform one string into the other. It can be used to prevent users from making only minor changes to their current password when setting a new password. Note that for this password validator to be effective, it is necessary to have access to the user's current password. Therefore, if this password validator is to be enabled, the password-change-requires-current-password attribute in the password policy configuration must also be set to true.

Parent Component
Properties
dsconfig Usage

Parent Component

The Similarity Based Password Validator component inherits from the Password Validator

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
↓ description  None
↓ enabled
↓ min-password-difference

Basic Properties

description

Description
A description for this Password Validator
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether the password validator is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

min-password-difference

Description
Specifies the minimum difference of new and old password. A value of zero indicates that no difference between passwords is acceptable.
Default Value
None
Allowed Values
An integer value. Lower limit is 0. Upper limit is 2147483647 .
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Password Validators:

dsconfig list-password-validators
     [--property {propertyName}] ...

To view the configuration for an existing Password Validator:

dsconfig get-password-validator-prop
     --validator-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Password Validator:

dsconfig set-password-validator-prop
     --validator-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Similarity Based Password Validator:

dsconfig create-password-validator
     --validator-name {name}
     --type similarity-based
     --set enabled:{propertyValue}
     --set min-password-difference:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Password Validator:

dsconfig delete-password-validator
     --validator-name {name}