Most of the time you want to use “length”, “pattern”, and/or “must” statements.
Example:
type string {
pattern ".*[0-9]+.*" {
error-message "The password must have at least one digit";
}
pattern ".*[a-z]+.*" {
error-message "The password must have at least one lower case alpha";
}
pattern ".*[A-Z]+.*" {
error-message "The password must have at least one upper case alpha";
}
pattern ".*[<>~;:!@#/$%^&*=-]+.*" {
error-message "The password must have at least one of these symbols: [<>~;:!@#/$%^&*=-]+";
}
pattern ".* .*" {
modifier invert-match;
error-message "The password must have no spaces";
}
length "8..max" {
error-message "The password must be at least 8 characters long";
}
}
If you want to validate the passwords using some code or a script it gets a bit more complicated, as you must add a transform and a validation point.
You can use this demo as a reference on how to do so:
The demo uses a C application to serve the transform callpoint and the validation point. You can of course implement the same type of application in for example Python if that is important.