Restricting Variables in Policy Scripts

To restrict a variable to a particular password policy script:

  1. Select the script that contains the variable you want to restrict.

  2. Add the following line at the top of the script:

    RESTRICTVARIABLE variable_name password_policy

To restrict multiple variables, add multiple RestrictVariable commands.

The variable_name parameter can be a normal variable (for example, $Password) or a runtime variable (for example, ?temp). This flexibility can be useful if you change a password by using a runtime variable and then set a normal variable to the value of the runtime variable.

Adding the RestrictVariable command is all you need to do to ensure that a variable will comply with the policy. The value entered will be rejected if it does not comply with the policy set for that variable, regardless of whether the variable is being added or changed through SecureLogin or through a script that is running.

If the value being changed by a user is not accepted, a message informs the user as to why the value wasn't permitted. If the value is being set through the ChangePassword command being run in automatic (random) mode, the value generated will comply with the policy.

In some cases, a policy may be created where no acceptable values exist. When this occurs, an error will be displayed when the ChangePassword command tries to generate a password.

For more information on the RestrictVariable command, see RestrictVariable in SecureLogin Script Commands.

Exception: values that you set with the SecureLogin SET command are not forced to comply with password policies.


Example Password Policy Scripts


Example 1

MAXPASSWORDLENGTH 8
MINPASSWORDLENGTH 8
MAXPUNCTUATION 0
MINPUNCTUATION 0
MAXUPPERCASE 8
MINUPPERCASE 0
MAXLOWERCASE 8
MINLOWERCASE 0
MAXNUMERALS 8
MINNUMERALS 0

This password policy indicates that the password must be exactly 8 characters long and contain no punctuation characters.

The password asdf4jB8 is acceptable.

The password aasdf5$n is unacceptable because it contains a punctuation character.


Example 2

MAXPASSWORDLENGTH 16
MINPASSWORDLENGTH 6
MAXPUNCTUATION 8
MINPUNCTUATION 0
MAXUPPERCASE 16
MINUPPERCASE 1
MAXLOWERCASE 16
MINLOWERCASE 0
MAXNUMERALS 16
MINNUMERALS 0
BEGINWITHUPPERCASE
DISALLOWEDCHARACTERS @&

This password policy indicates that the password must be between 6 and 16 characters long. It must contain at least one uppercase character. It can contain no more than 8 punctuation characters. It must begin with an uppercase character, and it may not contain either the @ character or the & character.

The password R48iv"? is acceptable.

The password R48?- is unacceptable because it is less than 6 characters long.


Example 3

MAXPASSWORDLENGTH 12
MINPASSWORDLENGTH 6
MAXPUNCTUATION 8
MINPUNCTUATION 0
MAXUPPERCASE 8
MINUPPERCASE 0
MAXLOWERCASE 8
MINLOWERCASE 0
MAXNUMERALS 8
MINNUMERALS 0
NODUPLICATECHARACTERS CASEINSENSITIVE
POSITIONCHARACTER NUMERAL 3,4,5

This password policy indicates that the password must be between 6 and 12 characters long. It can contain no more than 8 of any character type (uppercase, lowercase, numeral, or punctuation). No character may appear more than once in the password, regardless of case. A numeral must appear in at least one of positions 3, 4, or 5.

The password f54v9)_Q is acceptable.

The password f5v)_QF7 is unacceptable because it has no numeral in positions 3, 4 or 5, and the letter F occurs in positions 1 and 7.
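
The rules in the three examples above can be checked mechanically before a policy is rolled out. The following Python validator is an added example, not SecureLogin code or part of the original documentation. It models only the keywords used on this page, and it assumes that punctuation means any character that is not a letter or digit and that positions are counted from 1.

```python
# Added model of this page's rules, not SecureLogin code. Assumed: punctuation = non-alphanumeric; positions are 1-based.
CLASSES = {"UPPERCASE": str.isupper, "LOWERCASE": str.islower,
           "NUMERALS": str.isdigit, "PUNCTUATION": lambda c: not c.isalnum()}

EXAMPLE_3 = """\
MAXPASSWORDLENGTH 12
MINPASSWORDLENGTH 6
MAXPUNCTUATION 8
MINPUNCTUATION 0
MAXUPPERCASE 8
MINUPPERCASE 0
MAXLOWERCASE 8
MINLOWERCASE 0
MAXNUMERALS 8
MINNUMERALS 0
NODUPLICATECHARACTERS CASEINSENSITIVE
POSITIONCHARACTER NUMERAL 3,4,5"""

def parse_policy(text):
    """Map each policy keyword to its argument string ('' for bare keywords)."""
    pairs = (line.strip().partition(" ") for line in text.strip().splitlines())
    return {key.upper(): arg.strip() for key, _, arg in pairs}

def violations(password, policy):
    """Return the reasons a password breaks the policy; an empty list means it complies."""
    out = []
    counts = dict({n: sum(map(t, password)) for n, t in CLASSES.items()}, PASSWORDLENGTH=len(password))
    for name, n in counts.items():
        if not int(policy.get("MIN" + name, 0)) <= n <= int(policy.get("MAX" + name, n)):
            out.append(f"{name} count {n} is outside the MIN/MAX range")
    if "BEGINWITHUPPERCASE" in policy and not password[:1].isupper():
        out.append("must begin with uppercase")
    if any(c in password for c in policy.get("DISALLOWEDCHARACTERS", "")):
        out.append("disallowed character")
    if "NODUPLICATECHARACTERS" in policy:
        fold = policy["NODUPLICATECHARACTERS"].upper() == "CASEINSENSITIVE"
        seen = password.lower() if fold else password
        if len(set(seen)) != len(seen):
            out.append("duplicate character")
    if "POSITIONCHARACTER" in policy:
        kind, _, spots = policy["POSITIONCHARACTER"].partition(" ")
        test = CLASSES[kind if kind in CLASSES else kind + "S"]  # page shows NUMERAL only
        if not any(int(p) <= len(password) and test(password[int(p) - 1]) for p in spots.split(",")):
            out.append("no " + kind + " in positions " + spots)
    return out

if __name__ == "__main__":
    for pw in ("f54v9)_Q", "f5v)_QF7"):  # the two passwords discussed in Example 3
        print(pw, violations(pw, parse_policy(EXAMPLE_3)) or "acceptable")
```

Because values assigned with SET are not checked against the policy, a validator like this is also a way to audit values that were set that way.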