Sm_PolicyApi_PasswordPolicy_t

Defines a CA Single Sign-On password policy object.
Syntax
typedef struct Sm_PolicyApi_PasswordPolicy_s
{
    int iStructId;
    char pszOid[BFSIZE];
    char pszName[BFSIZE];                /* Required */
    char pszDesc[BFSIZE];
    bool bEntireDir;                     /* Required */
    bool bIsEnabled;                     /* Required */
    char pszUserDirectoryOid[BFSIZE];    /* Required */
    char pszPath[BFSIZE];                /* Required */
    char pszClass[BFSIZE];               /* Required */
    int nResolution;                     /* Required */
    int nLoginMaxFailures;               /* Required */
    int nLoginMaxInactivity;             /* Required */
    int nLoginInactivityWarn;
    int nLoginDaysGrace;                 /* Required */
    char pszDictionaryName[BFSIZE];
    int nDictionaryPartial;              /* Required */
    int nExpirationDelay;                /* Required */
    int nReenablement;                   /* Required */
    int nPasswordBehavior;               /* Required */
    char pszPasswordServicesRedirect[BFSIZE];
    int nPWMaxLength;                    /* Required */
    int nPWMinLength;                    /* Required */
    int nPWMaxRepeatingChar;             /* Required */
    int nPWMinAlphaNum;                  /* Required */
    int nPWMinAlpha;                     /* Required */
    int nPWMinNonAlpha;                  /* Required */
    int nPWMinNonPrintable;              /* Required */
    int nPWMinNumbers;                   /* Required */
    int nPWMinPunctuation;               /* Required */
    int nPWReuseCount;                   /* Required */
    int nPWReuseDelay;                   /* Required */
    int nPWPercentDifferent;             /* Required */
    int nPWPercentSequence;              /* Required */
    int nPWSpecialsLength;               /* Required */
    struct Sm_PolicyApi_PasswordPolicy_s* next;
    int nPriority;                       /* Required */
    int nPWMinLowerAlpha;                /* Required */
    int nPWMinUpperAlpha;                /* Required */
    int nReserved1;
    int nReserved2;
    int nReserved3;
    int nReserved4[BFSIZE];
} Sm_PolicyApi_PasswordPolicy_t;
Field
Description
iStructId
Password policy data structure ID, defined in Sm_PolicyApi_Structs_t.
pszOid
The object identifier of the password policy object.
pszName
Name of the password policy.
pszDesc
Brief description of the password policy object.
bEntireDir
Flag: Set to true to apply the password policy to the entire LDAP directory.
bIsEnabled
Flag: Set to true to enable the password policy.
pszUserDirectoryOid
Object identifier of the user directory to which the password policy will apply.
pszPath
If bEntireDir is set to false, use this field to specify the users to whom the password policy applies. For example, values you can specify include:
A complete user DN
A complete DN of an organization or group containing the users to whom the password policy applies
A search expression that represents the users to whom the password policy applies
See nResolution for more information.
pszClass
If bEntireDir is set to false, use this field to specify the object class where the password policy applies.
Specify the object class as understood by a particular user directory, such as organizationalUnit in LDAP or User in NT.
nResolution
A constant that shows how the password policy applies to the users specified in pszPath. For example:
If pszPath is the path to a group, the following constant indicates that the password policy applies to the members of the group:
Sm_PolicyResolution_UserGroup
If pszPath is a search expression that searches for all groups containing a particular attribute, the following constant indicates that the password policy applies to the members of the matching groups:
Sm_PolicyResolution_GroupProp
Policy resolution constants are defined in Sm_PolicyResolution_t.
nLoginMaxFailures
Maximum number of failed login attempts a user can make before the user account is disabled.
nLoginMaxInactivity
Number of days of inactivity allowed before a user's password expires. The account is not disabled until the user tries to log in after the expiration.
nLoginInactivityWarn
Reserved.
nLoginDaysGrace
Number of days in advance to notify the user that the password will expire.
pszDictionaryName
The location of a dictionary file that lists words that cannot be used in a password.
nDictionaryPartial
The minimum number of letters to qualify for dictionary checking. For example, set this field to 5 to avoid checking words of 4 or fewer characters. Set this field to 0 to reject only passwords that match a word in the dictionary exactly.
nExpirationDelay
Number of days of inactivity allowed before the user account is disabled.
nReenablement
Specifies the number of minutes a user must wait before attempting to log in again or before the user's account is re-enabled.
The condition that applies after the nReenablement time period is determined by the following flag (which is set through nPasswordBehavior):
Sm_PasswordPolicyBehavior_FullReenable
nPasswordBehavior
Bit mask flags expressing the behavior of the password policy, as defined in Sm_PasswordPolicyBehavior_t.
You can also set recursive behavior for the password policy through the additional password behavior flag below. Use this flag to indicate that the password policy applies to the group specified in pszPath and to any groups nested within it:
Sm_PolicyBehavior_Recursive_Yes
All password behavior flags are defined in SmApi.h.
pszPasswordServicesRedirect
The URL to which the user should be redirected when an invalid password is entered. This must be the URL of the Password Services CGI.
nPWMaxLength
The maximum length for user passwords.
nPWMinLength
Minimum length for user passwords.
nPWMaxRepeatingChar
Maximum number of identical characters that can appear consecutively in a password.
nPWMinAlphaNum
Minimum number of alphabetic or numeric characters (A-Z, a-z, or 0-9) that a password must contain. May be set in conjunction with PWMinAlpha or PWMinNumbers. For example, if PWMinAlphaNum and PWMinNumbers are set to 4, the password 1234 is valid.
nPWMinAlpha
Minimum number of alphabetic characters (A-Z, a-z) a password must contain.
nPWMinNonAlpha
Minimum number of non-alphanumeric characters a password must contain. These characters include punctuation marks and other symbols located on the keyboard, such as "@", "$", and "*".
nPWMinNonPrintable
Minimum number of non-printable characters that must be in a password. These characters cannot be displayed on a computer screen.
nPWMinNumbers
Minimum number of numeric characters (0-9) a password must contain.
nPWMinPunctuation
Minimum number of punctuation marks a password must contain. These characters include periods, commas, exclamation marks, slashes, hyphens, dashes, and other marks used for punctuation.
nPWReuseCount
Number of new passwords that must be used before an old one can be reused.
nPWReuseDelay
Number of days a user must wait before reusing a password.
nPWPercentDifferent
The percentage of characters a new password must contain that differ from characters in the previous password. If the value is set to 100, the new password may contain no characters that were in the previous password, unless nPWPercentSequence is set to 0.
nPWPercentSequence
Flag that indicates whether to ignore sequence (character position) when the different-from-previous-characters percentage is calculated. To ignore character position, set nPWPercentSequence to 1. This flag works in conjunction with nPWPercentDifferent. For examples of how this parameter works with nPWPercentDifferent, see Figure 31 on page 150.
nPWSpecialsLength
Specifies the minimum character sequence to check against the user's personal information. For example, if this value is set to 4, CA Single Sign-On prohibits the use of any four consecutive characters found in the user's personal information, such as the four last digits of the user's telephone number.
This field prevents a user from incorporating personal information in a password. CA Single Sign-On checks the password against attributes in the user's directory entry.
next
Pointer to the next password policy structure.
nPriority
Priority of password policy, when multiple password policies apply. The value can be any integer, including a negative one. The higher number has priority over the lower number.
nPWMinLowerAlpha
Minimum number of lowercase alphabetic characters.
nPWMinUpperAlpha
Minimum number of uppercase alphabetic characters.
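
The composition fields above can be combined, as in the 1234 case given for nPWMinAlphaNum. The following C code is an added illustration, not CA Single Sign-On code and not part of SmApi.h: it evaluates a candidate password against those fields using a local struct pw_rules_t and function pw_meets_rules, both hypothetical names. It assumes that a maximum of 0 means "not enforced" and that "non-alphanumeric" means printable characters other than letters and digits.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Local mirror of the composition fields only; NOT the SmApi.h definition. */
typedef struct {
    int nPWMaxLength, nPWMinLength, nPWMaxRepeatingChar;
    int nPWMinAlphaNum, nPWMinAlpha, nPWMinNonAlpha, nPWMinNonPrintable;
    int nPWMinNumbers, nPWMinPunctuation, nPWMinLowerAlpha, nPWMinUpperAlpha;
} pw_rules_t;

/* Returns true when pw meets every rule. Assumption: a maximum of 0 means
 * "not enforced"; the page does not state how 0 is treated. */
bool pw_meets_rules(const pw_rules_t *r, const char *pw)
{
    int alpha = 0, lower = 0, upper = 0, digit = 0, nonalnum = 0;
    int punct = 0, nonprint = 0, run = 0, longest = 0;
    size_t len = strlen(pw);
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)pw[i];
        if (isalpha(c)) alpha++;
        if (islower(c)) lower++;
        if (isupper(c)) upper++;
        if (isdigit(c)) digit++;
        if (ispunct(c)) punct++;
        if (!isprint(c)) nonprint++;
        if (isprint(c) && !isalnum(c)) nonalnum++;   /* assumed definition */
        /* Track the longest run of one character appearing consecutively. */
        run = (i > 0 && pw[i] == pw[i - 1]) ? run + 1 : 1;
        if (run > longest) longest = run;
    }
    int alnum = alpha + digit;
    if ((int)len < r->nPWMinLength) return false;
    if (r->nPWMaxLength > 0 && (int)len > r->nPWMaxLength) return false;
    if (r->nPWMaxRepeatingChar > 0 && longest > r->nPWMaxRepeatingChar) return false;
    return alnum >= r->nPWMinAlphaNum && alpha >= r->nPWMinAlpha
        && digit >= r->nPWMinNumbers && nonalnum >= r->nPWMinNonAlpha
        && punct >= r->nPWMinPunctuation && nonprint >= r->nPWMinNonPrintable
        && lower >= r->nPWMinLowerAlpha && upper >= r->nPWMinUpperAlpha;
}

int main(void)
{
    /* The page's example: nPWMinAlphaNum = nPWMinNumbers = 4 accepts "1234". */
    pw_rules_t r = { .nPWMinAlphaNum = 4, .nPWMinNumbers = 4 };
    printf("%s\n", pw_meets_rules(&r, "1234") ? "valid" : "rejected");
    return 0;
}
```

The 1234 result shows why nPWMinAlphaNum alone does not force letters: set nPWMinAlpha, nPWMinLowerAlpha or nPWMinUpperAlpha as well when letters are required.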