Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [password-policy]

70 questions
9
votes
1 answer

Does the password truly expire?

One can enable password expiration (aka password maximum age) on a Windows domain. I'm a little puzzled though about the meaning of that so-called expiration: It looks like the password does not truly expire. Simply, upon first login after…
Serge Wautier
  • 419
  • 1
  • 5
  • 16
7
votes
1 answer

How do I implement a Fine-grained password policy and expect XP machines to play nice?

I have a 2008 R2 functional level domain and am in the middle of implementing the first actual password policy my organization is going to use. To slowly roll this out to our users, we have chosen to use a fine-grained password policy (FGPP) to only…
Adam Bertram
  • 331
  • 1
  • 4
  • 11
5
votes
3 answers

Block RSA authentication when password is expired

I'm setting up a FreeIPA server on CentOS 7, and I want to block RSA authentication over SSH when the password is expired. By default, when I expire the user password and they login, they are forced to change their password. But, if that same user…
sKr0d
  • 51
  • 2
5
votes
3 answers

Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain

I'm using federated identity for Office-365 single sign-on. I have added the password change endpoint to my ADFS 3.0 server, and successfully opened the adfs update password page. However, whenever I try to update the password I get the error above.…
user3340627
  • 131
  • 1
  • 2
  • 8
5
votes
2 answers

How long does a PuTTY keyphrase need to be (i.e. how does PuTTY encrypt private keys)

I'd like to know what a good minimum password length for a PuTTY passphrase is. This depends on the amount of entropy the passphrase needs to have, which in turn depends on the length one attempt takes, which in turn depends on the algorithm used…
Eamon Nerbonne
  • 316
  • 2
  • 5
4
votes
1 answer

Apply New Password Policy via GPO Gradually

I want to make changes to the password policy in our domain (for example, include password complexity) but I want to apply it gradually, to some OU's or users group first. As far as I know the password enformcement are manage for the domain…
Alberto Medina
  • 299
  • 1
  • 9
4
votes
3 answers

How does "your new password must differ at least n characters from the previous" work when only hash codes are stored?

I am wondering how the password policy "your new password must differ at least n characters from your old password" works. My understanding is that the OS never actually stores the old passwords themselves, but their hash codes instead. And there is…
Honza Zidek
  • 190
  • 11
4
votes
1 answer

The password on this account cannot be changed at this time?

A user in my company forgot his password and I had to reset it to a temporary one. I checked the box that says "User Must Change Password at Next Logon". When he logged on and entered the temporary password and two times his newly chosen password…
Daniel
  • 6,780
  • 5
  • 31
  • 60
4
votes
3 answers

Enforce 15-character minimum password length on Windows

I've been given a requirement to enforce a minimum password length of 15 characters on my Windows-based systems. Supposedly, this is possible and is being done on some other systems already. However, I can't seem to get it to work. The key problem…
Iszi
  • 2,236
  • 8
  • 25
  • 33
4
votes
2 answers

Workstations hang on "Change Password" after expired Password

For one of our customers we have configered a maximum password age of 90 days. If those 90 days are over, the users are forced on logon to change their password. This worked fine for the past 9 months, but since today we have massiv problems. The…
SaintCore
  • 83
  • 2
  • 3
  • 8
4
votes
1 answer

How to change Windows Server 2012 password requirements when installing?

i'm trying to install Windows Server 2012, and i'm being prompted that the Administrator account password does not meet the password security requirements: The password you typed does not meet the password complexity requirements set by the…
Ian Boyd
  • 5,131
  • 14
  • 57
  • 79
3
votes
1 answer

How convince Security auditors to change frequent password change policy?

I am a new Junior IT Manager in a small company of around 500 employees and the current policy regarding passwords has enforced password expiration within 30 days, with a password history of 5. As you can understand, this leads to people having…
Andrew Palaistras
  • 33
  • 2
3
votes
5 answers

Apply a password group policy seperate from the Default Domain Policy?

Im trying to keep my Default Domain Policy clean and standard and I want to make a GPO for my password policies. I made it but it still gets the policies from the Default Domain Policy object. I imagine that it gets that one because it is the most…
riahc3
  • 506
  • 4
  • 11
  • 28
3
votes
1 answer

Forcing a password change on OpenBSD

On OpenBSD 5.6 I need to provision a number of user accounts with default passwords. I would like users, upon their first SSH login, to be forced to change their passwords from the default. On CentOS and Debian I can do this using chage -d 0…
J.C.
  • 131
  • 5
3
votes
1 answer

Get password policy information from LDAP Server

Is there a way to get the password policy information (password length, complexity etc) of a user from an OpenLDAP server? (with ldapsearch or some other way).
Cobra Kai Dojo
  • 437
  • 1
  • 6
  • 20
1
2 3 4 5