Password Complexity Policy
Overview
Hydrolix can enforce a password complexity policy for your users. There are two settings that control this feature:
| Setting Name | Type | Default | Description |
|---|---|---|---|
enable_password_complexity_policy | boolean | false | Enables and disables stricter password creation rules |
password_expiration_policy | non-negative integer | (No expiration) | Number of days allowed between password changes |
Password Complexity Requirements
Once enable_password_complexity_policy is activated, your Hydrolix cluster will enforce these rules:
- Minimum Length: 8 characters
- Uppercase Characters: At least 1
- Lowercase Characters: At least 1
- Digits: At least 1
- Special Characters: At least 1
- Not Recently Used: The past 24 passwords
- Not Username: Not the same as your username
- Not Email: Not the same as your email
How to Enable Password Complexity Requirements
-
Make sure that the existing user passwords in your account conform to the Password Complexity Requirements stated above.
-
Run the update_passwords script. Replace
<your_namespace>with the appropriate value.kubectl --namespace <your_namespace> -c turbine-api exec -it $(kubectl get pods | grep ^turbine-api | awk '{print $1}') -- python3 manage.py update_passwords -
Delete any
turbine-apiinit jobs and restart the operator. Make sure you replace<your_namespace>below with your Kubernetes namespace:kubectl get jobs -n <your_namespace> | grep init-turbine-api | awk '{print $1}' | xargs -I {} kubectl delete job {} kubectl rollout restart deployment operator -
Restart the turbine-api and query-head deployments:
kubectl rollout restart deployment query-head turbine-apiWarnings about duplicate environment variable names when running the above command can be safely ignored.
-
Add the two settings to your
hydrolixcluster.yamlfile. For example, to turn the feature on while specifying a 90-day password expiration policy:spec: ... enable_password_complexity_policy: true password_expiration_policy: 90 ...
Updated 4 months ago