Directory Proxy Server Documentation Index
Configuration Reference Home

Passphrase Password Generator

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

The Passphrase Password Generator provides a mechanism for generating strong but memorable passphrases by concatenating randomly-selected words from a specified dictionary file.

Although the resulting passwords will contain only alphabetic characters (unless the configured dictionary includes words with numbers or symbols), they can still be considered very strong. The passwords will be long enough to make them highly resistant to brute force attacks. Further, even though they may be created from commonly-used words, combining multiple randomly-selected words in a randomly-determined order results in an extremely large number of permutations that makes them highly resistant to dictionary attacks. For more information about the strength of passwords of this type, see the documentation for the Haystack Password Validator.

Parent Component
Properties
dsconfig Usage

Parent Component

The Passphrase Password Generator component inherits from the Password Generator

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
↓ description  None
↓ enabled
↓ dictionary-file
↓ minimum-password-characters
↓ minimum-password-words
↓ capitalize-words

Basic Properties

description

Description
A description for this Password Generator
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether the Password Generator is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

dictionary-file

Description
The path to the dictionary file that will be used to obtain the words for use in generated passwords. The specified dictionary file must exist, and must contain one word per line. All blank lines and all lines that start with the '#' character will be ignored.
Default Value
None
Allowed Values
A filesystem path
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

minimum-password-characters

Description
The minimum number of characters that generated passwords will be required to have.
Default Value
20
Allowed Values
An integer value. Lower limit is 1.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

minimum-password-words

Description
The minimum number of words that must be concatenated in the course of generating a password.
Default Value
4
Allowed Values
An integer value. Lower limit is 1.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

capitalize-words

Description
Indicates whether to capitalize each word used in the generated password.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Password Generators:

dsconfig list-password-generators
     [--property {propertyName}] ...

To view the configuration for an existing Password Generator:

dsconfig get-password-generator-prop
     --generator-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Password Generator:

dsconfig set-password-generator-prop
     --generator-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Passphrase Password Generator:

dsconfig create-password-generator
     --generator-name {name}
     --type passphrase
     --set enabled:{propertyValue}
     --set dictionary-file:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Password Generator:

dsconfig delete-password-generator
     --generator-name {name}