On the Password policy tab, you can create a password policy for local users.
Note that the minimal password length policy property can not be disabled, and minimal password length can’t be lesser than 6 characters. The rest of the policy properties are quite self-explaining.
The policy will start to be applicable to all operations in which passwords are created or changed:
- administrator edits the user record
- u user edits their own profile
- user account is created or updated via the API
If the password doesn't meet the policy requirements, the operation will be rejected. Errors will be shown on the top of the UI form. In the case of API usage, errors will be recorded in the log file.
When an administrator changes the password policy, it’s not applied to existing users. Thus, even after policy edit, the database may retain users with passwords that do not correspond to the policy. The policy will be applied when the administrator or user attempts to change the password (both via UI form or API).