The Passphrase Password Generator provides a mechanism for generating strong but memorable passphrases by concatenating randomly-selected words from a specified dictionary file.
Although the resulting passwords will contain only alphabetic characters (unless the configured dictionary includes words with numbers or symbols), they can still be considered very strong. The passwords will be long enough to make them highly resistant to brute force attacks. Further, even though they may be created from commonly-used words, combining multiple randomly-selected words in a randomly-determined order results in an extremely large number of permutations that makes them highly resistant to dictionary attacks. For more information about the strength of passwords of this type, see the documentation for the Haystack Password Validator.
The Passphrase Password Generator component inherits from the Password Generator
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| enabled | |
| dictionary-file | |
| minimum-password-characters | |
| minimum-password-words | |
| capitalize-words |
| Description | A description for this Password Generator |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the Password Generator is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The path to the dictionary file that will be used to obtain the words for use in generated passwords. The specified dictionary file must exist, and must contain one word per line. All blank lines and all lines that start with the '#' character will be ignored. |
| Default Value | None |
| Allowed Values | A filesystem path |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The minimum number of characters that generated passwords will be required to have. |
| Default Value | 20 |
| Allowed Values | An integer value. Lower limit is 1. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The minimum number of words that must be concatenated in the course of generating a password. |
| Default Value | 4 |
| Allowed Values | An integer value. Lower limit is 1. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether to capitalize each word used in the generated password. |
| Default Value | true |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Password Generators:
dsconfig list-password-generators
[--property {propertyName}] ...
To view the configuration for an existing Password Generator:
dsconfig get-password-generator-prop
--generator-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Password Generator:
dsconfig set-password-generator-prop
--generator-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Passphrase Password Generator:
dsconfig create-password-generator
--generator-name {name}
--type passphrase
--set enabled:{propertyValue}
--set dictionary-file:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Password Generator:
dsconfig delete-password-generator
--generator-name {name}