Create a Password Composition Policy with the CLI

Create a password composition policy from the CLI using the addPasswordPolicy command. You can use this command for the following tasks.
 
Create a Password Composition Policy
 
Follow these steps:
 
  1. Specify the password composition policy:
    capam_command adminUserID=admin capam=mycompany.com cmdName=addPasswordPolicy PasswordPolicy.name=MaximumPasswordAgePolicy PasswordPolicy.description=PasswordCompositionPolicy Attribute.passwordPrefix=pas Attribute.composedOfUpperCaseCharacters=True Attribute.composedOfLowerCaseCharacters=True Attribute.composedOfNumericCharacters=True Attribute.composedOfSpecialCharacters=true Attribute.specialCharacters=!#$%()*+,-./:;=?[\\]^_{|}~ Attribute.firstCharacterUpperCase=true Attribute.firstCharacterLowerCase=true Attribute.firstCharacterNumeric=true Attribute.firstCharacterSpecial=true Attribute.firstCharacterSpecials=!#$%()*+,-./:;=?[\\]^_{|}~ Attribute.lastCharacterUpperCase=true Attribute.lastCharacterLowerCase=true Attribute.lastCharacterNumeric=true Attribute.lastCharacterSpecial=true Attribute.lastCharacterSpecials=!#$%()*+,-./:;=?[\\]^_{|}~ Attribute.mustNotContainConsecutiveDuplicateCharacters=true Attribute.mustNotContainAnyDuplicateCharacters=true Attribute.mustNotContainCharacters=true Attribute.composedOfMustNotContainCharacters=XYZ Attribute.minLength=6 Attribute.maxLength=16 Attribute.minIterationsBeforeReuse=2 Attribute.minDaysBeforeReuse=3
  2. Enter your password at the prompt. Credential Manager returns the following XML command string:
    <CommandResult> <cr.itemNumber>0</cr.itemNumber> <cr.statusCode>400</cr.statusCode> <cr.statusDescription>Success.</cr.statusDescription> <cr.result> <PasswordPolicy> <minLength>6</minLength> <maxLength>16</maxLength> <minDaysBeforeReuse>3</minDaysBeforeReuse> <minIterationsBeforeReuse>2</minIterationsBeforeReuse> <firstCharacterSpecialCharacters>!#$%()*+,-./:;=?[\\]^_{|}~</firstCharacterSpecialCharacters> <mustNotContainCharacters>true</mustNotContainCharacters> <passwordPrefix>pas</passwordPrefix> <specialCharacters>!#$%()*+,-./:;=?[\\]^_{|}~</specialCharacters> <composedOfLowerCaseCharacters>true</composedOfLowerCaseCharacters> <composedOfMustNotContainCharacters>false</composedOfMustNotContainCharacters> <composedOfNumericCharacters>true</composedOfNumericCharacters> <composedOfSpecialCharacters>true</composedOfSpecialCharacters> <composedOfUpperCaseCharacters>true</composedOfUpperCaseCharacters> <firstCharacterLowerCase>true</firstCharacterLowerCase> <firstCharacterNumeric>true</firstCharacterNumeric> <firstCharacterSpecial>true</firstCharacterSpecial> <firstCharacterUpperCase>true</firstCharacterUpperCase> <mustNotContainDuplicateCharacters>true</mustNotContainDuplicateCharacters> <mustNotContainRepeatingCharacters>true</mustNotContainRepeatingCharacters> <name>NewPasswordPolicy</name> <type>passwordPolicy</type> <description>PasswordCompositionPolicy</description> <ID>1006</ID> <Attribute.composedOfNumericCharacters>true</Attribute.composedOfNumericCharacters> <Attribute.mustNotContainCharacters>true</Attribute.mustNotContainCharacters> <Attribute.composedOfSpecialCharacters>true</Attribute.composedOfSpecialCharacters> <Attribute.firstCharacterNumeric>true</Attribute.firstCharacterNumeric> <Attribute.mustNotContainAnyDuplicateCharacters>true</Attribute.mustNotContainAnyDuplicateCharacters> <Attribute.firstCharacterSpecial>true</Attribute.firstCharacterSpecial> <Attribute.firstCharacterSpecials>!#$%()*+,-./:;=?[\\]^_{|}~</Attribute.firstCharacterSpecials> 
<Attribute.firstCharacterLowerCase>true</Attribute.firstCharacterLowerCase> <Attribute.composedOfLowerCaseCharacters>true</Attribute.composedOfLowerCaseCharacters> <Attribute.maxLength>16</Attribute.maxLength> <Attribute.passwordPrefix>pas</Attribute.passwordPrefix> <Attribute.composedOfMustNotContainCharacters>false</Attribute.composedOfMustNotContainCharacters> <Attribute.firstCharacterUpperCase>true</Attribute.firstCharacterUpperCase> <Attribute.minLength>6</Attribute.minLength> <Attribute.minDaysBeforeReuse>3</Attribute.minDaysBeforeReuse> <Attribute.specialCharacters>!#$%()*+,-./:;=?[\\]^_{|}~</Attribute.specialCharacters> <Attribute.composedOfUpperCaseCharacters>true</Attribute.composedOfUpperCaseCharacters> <Attribute.minIterationsBeforeReuse>2</Attribute.minIterationsBeforeReuse> <Attribute.mustNotContainConsecutiveDuplicateCharacters>true</Attribute.mustNotContainConsecutiveDuplicateCharacters> <createDate>Wed Nov 24 07:13:03 UTC 2010</createDate> <createUser>admin</createUser> <extensionType /> <hash /> <updateDate>Wed Nov 24 07:13:03 UTC 2010</updateDate> <updateUser>admin</updateUser> </PasswordPolicy> </cr.result> </CommandResult>
 
Set the Maximum Password Age
 
The maximum password age specifies the maximum number of days a password is valid. The default value is 90 days. The password age is reset each time that the password is updated.
 
Follow these steps:
 
  1. Specify the new policy:
    capam_command adminUserID=admin capam=mycompany.com cmdName=addPasswordPolicy PasswordPolicy.name=MaximumPasswordAgePolicyNew PasswordPolicy.description=PasswordCompositionPolicy Attribute.composedOfUpperCaseCharacters=True Attribute.composedOfLowerCaseCharacters=True Attribute.composedOfNumericCharacters=True Attribute.firstCharacterUpperCase=true Attribute.minLength=6 Attribute.maxLength=16 Attribute.minIterationsBeforeReuse=2 Attribute.minDaysBeforeReuse=3 Attribute.enableMaxPasswordAge=true Attribute.maxPasswordAge=12
  2. Enter your password at the prompt. 
    Credential Manager returns the following XML command string:
    <CommandResult> <cr.itemNumber>0</cr.itemNumber> <cr.statusCode>400</cr.statusCode> <cr.statusDescription>Success.</cr.statusDescription> <cr.result> <PasswordPolicy> <minLength>6</minLength> <maxLength>16</maxLength> <maxPasswordAge>0</maxPasswordAge> <minDaysBeforeReuse>3</minDaysBeforeReuse> <minIterationsBeforeReuse>2</minIterationsBeforeReuse> <firstCharacterSpecialCharacters>!#$%()*+,-./:;=?@[\]^_`{|}~&#38; </firstCharacterSpecialCharacters> <mustNotContainCharacters></mustNotContainCharacters> <passwordPrefix></passwordPrefix> <specialCharacters>!#$%()*+,-./:;=?@[\]^_`{|}~&#38;</specialCharacters> <composedOfLowerCaseCharacters>true</composedOfLowerCaseCharacters> <composedOfMustNotContainCharacters>false</composedOfMustNotContainCharacters> <composedOfNumericCharacters>true</composedOfNumericCharacters> <composedOfSpecialCharacters>false</composedOfSpecialCharacters> <composedOfUpperCaseCharacters>true</composedOfUpperCaseCharacters> <enableMaxPasswordAge>false</enableMaxPasswordAge> <firstCharacterLowerCase>false</firstCharacterLowerCase> <firstCharacterNumeric>false</firstCharacterNumeric> <firstCharacterSpecial>false</firstCharacterSpecial> <firstCharacterUpperCase>true</firstCharacterUpperCase> <mustNotContainDuplicateCharacters>false</mustNotContainDuplicateCharacters> <mustNotContainRepeatingCharacters>false</mustNotContainRepeatingCharacters> <name>MaximumPasswordAgePolicyNew</name> <type>passwordPolicy</type> <description>PasswordCompositionPolicy</description> <ID>1004</ID> <Attribute.composedOfNumericCharacters>true</Attribute.composedOfNumericCharacters> <Attribute.mustNotContainCharacters></Attribute.mustNotContainCharacters> <Attribute.composedOfSpecialCharacters>false</Attribute.composedOfSpecialCharacters> <Attribute.firstCharacterNumeric>false</Attribute.firstCharacterNumeric> <Attribute.maxPasswordAge>0</Attribute.maxPasswordAge> <Attribute.enableMaxPasswordAge>false</Attribute.enableMaxPasswordAge> 
<Attribute.firstCharacterSpecial>false</Attribute.firstCharacterSpecial> <Attribute.firstCharacterSpecials>!#$%()*+,-./:;=?@[\]^_`{|}~&#38; </Attribute.firstCharacterSpecials> <Attribute.mustNotContainAnyDuplicateCharacters>false </Attribute.mustNotContainAnyDuplicateCharacters> <Attribute.firstCharacterLowerCase>false</Attribute.firstCharacterLowerCase> <Attribute.composedOfLowerCaseCharacters>true</Attribute.composedOfLowerCaseCharacters> <Attribute.maxLength>16</Attribute.maxLength> <Attribute.passwordPrefix></Attribute.passwordPrefix> <Attribute.composedOfMustNotContainCharacters>false </Attribute.composedOfMustNotContainCharacters> <Attribute.firstCharacterUpperCase>true</Attribute.firstCharacterUpperCase> <Attribute.minLength>6</Attribute.minLength> <Attribute.minDaysBeforeReuse>3</Attribute.minDaysBeforeReuse> <Attribute.specialCharacters>!#$%()*+,-./:;=?@[\]^_`{|}~&#38;</Attribute.specialCharacters> <Attribute.composedOfUpperCaseCharacters>true</Attribute.composedOfUpperCaseCharacters> <Attribute.minIterationsBeforeReuse>2</Attribute.minIterationsBeforeReuse> <Attribute.mustNotContainConsecutiveDuplicateCharacters>false </Attribute.mustNotContainConsecutiveDuplicateCharacters> <createDate>Thu Dec 01 11:17:28 UTC 2011</createDate> <createUser>admin</createUser> <updateDate>Thu Dec 01 11:17:28 UTC 2011</updateDate> <updateUser>admin</updateUser> <extensionType></extensionType> <hash></hash> </PasswordPolicy> </cr.result> </CommandResult>
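
The response above reports Success while echoing maxPasswordAge as 0, so it is worth comparing the returned Attribute.* values with what was requested before relying on the policy. The following check is an added example, not part of the product documentation; the function name, the requested-value dictionary, and the abridged sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: abridged from the response format shown above.
SAMPLE_RESPONSE = """<CommandResult>
<cr.itemNumber>0</cr.itemNumber>
<cr.statusCode>400</cr.statusCode>
<cr.statusDescription>Success.</cr.statusDescription>
<cr.result><PasswordPolicy>
<name>MaximumPasswordAgePolicyNew</name>
<ID>1004</ID>
<Attribute.minLength>6</Attribute.minLength>
<Attribute.maxLength>16</Attribute.maxLength>
<Attribute.maxPasswordAge>0</Attribute.maxPasswordAge>
<Attribute.enableMaxPasswordAge>false </Attribute.enableMaxPasswordAge>
<Attribute.composedOfUpperCaseCharacters>true</Attribute.composedOfUpperCaseCharacters>
</PasswordPolicy></cr.result>
</CommandResult>"""


def _norm(value):
    """Fold case for booleans only (the CLI accepts True and true)."""
    text = str(value).strip()
    return text.lower() if text.lower() in ("true", "false") else text


def policy_mismatches(xml_text, requested):
    """Return {attribute: (requested, returned)} for each Attribute.* value
    the response does not echo back as requested (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    top = {child.tag: child for child in root}
    description = (top["cr.statusDescription"].text or "").strip()
    if description != "Success.":  # success text as shown in the page's output
        raise RuntimeError(f"addPasswordPolicy failed: {description}")
    policy = top["cr.result"].find("PasswordPolicy")
    returned = {el.tag[len("Attribute."):]: (el.text or "").strip()
                for el in policy if el.tag.startswith("Attribute.")}
    mismatches = {}
    for name, want in requested.items():
        got = returned.get(name)  # None when the attribute is absent
        if got is None or _norm(got) != _norm(want):
            mismatches[name] = (str(want), got)
    return mismatches


# Constructed request values; True/true casing mirrors the command lines above.
REQUESTED = {"minLength": 6, "maxLength": 16, "composedOfUpperCaseCharacters": "True",
             "enableMaxPasswordAge": "true", "maxPasswordAge": 12}

if __name__ == "__main__":
    for attr, (want, got) in policy_mismatches(SAMPLE_RESPONSE, REQUESTED).items():
        print(f"{attr}: requested {want!r}, policy stores {got!r}")
```

A non-empty result means the stored policy is weaker or different from the one intended, even though the command reported success.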

Configure Automatic Updating of Expired Passwords

You can enable or disable automatic updating of expired passwords globally by setting the targetAccountPasswordExpirationEnabled system property with the setSystemProperty command. For example:
    capam_command adminUserID=admin capam=mycompany.com cmdName=setSystemProperty propertyName=targetAccountPasswordExpirationEnabled propertyValues=true
The default value is false.