Password Policy

Overview⚓︎

Hydrolix can enforce a password complexity policy for your users. There are two settings that control this feature:

Setting Name	Type	Default	Description
`enable_password_complexity_policy`	boolean	`false`	Enables and disables stricter password creation rules
`password_expiration_policy`	non-negative integer	(No expiration)	Number of days allowed between password changes

Password Complexity Requirements⚓︎

Once enable_password_complexity_policy is activated, your Hydrolix cluster will enforce these rules:

Minimum Length: 8 characters
Uppercase Characters: At least 1
Lowercase Characters: At least 1
Digits: At least 1
Special Characters: At least 1
Not Recently Used: The past 24 passwords
Not Username: Not the same as your username
Not Email: Not the same as your email

How to Enable Password Complexity Requirements⚓︎

Make sure that the existing user passwords in your account conform to the Password Complexity Requirements stated above.

Run the update_passwords script. Replace <your_namespace> with the appropriate value.

   kubectl --namespace <your_namespace> -c turbine-api exec -it $(kubectl get pods --namespace <your_namespace> | grep ^turbine-api | awk '{print $1}') -- python3 manage.py update_passwords

Delete any turbine-api init jobs and restart the operator. Make sure you replace <your_namespace> below with your Kubernetes namespace:

   kubectl get jobs -n <your_namespace> | grep init-turbine-api | awk '{print $1}' | xargs -I {} kubectl delete job {}
   kubectl rollout restart deployment operator

Restart the turbine-api and query-head deployments:

   kubectl rollout restart deployment query-head turbine-api

Warnings about duplicate environment variable names when running the above command can be safely ignored.

Add the two settings to your hydrolixcluster.yaml file. For example, to turn the feature on while specifying a 90-day password expiration policy:
hydrolixcluster.yaml
1 2 3 4 5
spec: ... enable_password_complexity_policy: true password_expiration_policy: 90 ...