How can confd prompt customized errors on entering an invalid password according to the password-policy?

My application has set some default password-policies which are set through the schema. Password-policies include the required number of lowercase, uppercase chars, numeric digits and special characters in the password.

While setting a password from confd, if the entered password does not satisfy the set password-policies, confd prompts the below error, and set-password won't be successful:

Error: BAD PASSWORD: is too simple

Currently confd is giving this generic error even if the entered password satisfies all the policies except one. We want to customize this error to reflect exactly which password-policy is not getting satisfied with the entered password.

Is there any way to solve this with schema changes, or do we have to implement a validation handler only?

I don’t think the message “BAD PASSWORD: …” comes from ConfD. Also, ConfD does not enforce any password complexity, much less based on configured password policies. So any fix regarding error messages needs to be done in the application that does that.

An example taken from a reply in 2021 on a similar topic: Sha-512 encryption - #2 by cohult

    type string {
      pattern ".*[0-9]+.*" {
        error-message "The password must have at least one digit";
      }
      pattern ".*[a-z]+.*" {
        error-message "The password must have at least one lower case alpha";
      }
      pattern ".*[A-Z]+.*" {
        error-message "The password must have at least one upper case alpha";
      }
      pattern ".*[<>~;:!@#/$%^&*=-]+.*" {
        error-message "The password must have at least one of these symbols: [<>~;:!@#/$%^&*=-]+";
      }
      pattern ".* .*" {
        modifier invert-match;
        error-message "The password must have no spaces";
      }
      length "8..max" {
        error-message "The password must be at least 8 characters long";
      }
    }
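An offline check that mirrors the pattern, invert-match and length restrictions of the YANG type quoted above, added here as an example (it is not code from the thread or from ConfD), showing which error-message each failing restriction maps to. It assumes Python's `re` is an adequate stand-in for YANG's XSD regular expressions for these particular patterns; `policy_errors` and the sample passwords are constructed for illustration.

```python
import re

# (pattern, invert-match?, error-message) copied from the YANG type above.
PATTERNS = [
    (r".*[0-9]+.*", False, "The password must have at least one digit"),
    (r".*[a-z]+.*", False,
     "The password must have at least one lower case alpha"),
    (r".*[A-Z]+.*", False,
     "The password must have at least one upper case alpha"),
    (r".*[<>~;:!@#/$%^&*=-]+.*", False,
     "The password must have at least one of these symbols: "
     "[<>~;:!@#/$%^&*=-]+"),
    (r".* .*", True, "The password must have no spaces"),
]
MIN_LENGTH = 8  # from: length "8..max"
LENGTH_ERROR = "The password must be at least 8 characters long"


def policy_errors(password):
    """Return the error-message of every restriction the value violates."""
    errors = []
    for pattern, invert, message in PATTERNS:
        # YANG patterns are implicitly anchored, hence fullmatch().
        matched = re.fullmatch(pattern, password) is not None
        # With invert-match the value is valid only if it does NOT match.
        if matched == invert:
            errors.append(message)
    if len(password) < MIN_LENGTH:
        errors.append(LENGTH_ERROR)
    return errors


# Constructed sample values, not taken from the thread.
SAMPLES = ["Tr1cky#Pass", "tr1cky#pass", "Tr1cky Pass", "Ab1#"]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", policy_errors(value) or "accepted")
```

Because YANG ANDs multiple pattern statements on one type, a value has to pass every entry in the list; splitting the policy into one pattern per rule is what makes a rule-specific message possible.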