PGP Administrator Password Complexity Enforcement via Passphrase Authentication (Manual Passphrase Assignment)

Article ID: 171744


Products

Encryption Management Server, Gateway Email Encryption, PGP Command Line, PGP Encryption Suite, PGP Key Management Server, PGP Key Mgmt Client Access and CLI API, PGP SDK, Desktop Email Encryption, Drive Encryption, Endpoint Encryption, File Share Encryption

Issue/Introduction

PGP Encryption Management Server (Symantec Encryption Management Server) 3.4.2 and above includes additional password complexity requirements.

This article will go over the details on how this functionality works.

Resolution

Releases of PGP Encryption Server prior to 3.4.2 allow password complexity to be enabled using the steps in article 171746, but passwords do not expire.

PGP Encryption Server 3.4.2 and above include additional password management features including password expiry.

By default, administrator passwords expire every 60 days. 


See the PGP Encryption Server Administrator's Guide for full details. In summary, the new features are:

  1. Aging (enable-password-aging) - Whether to enable password aging. This is enabled by default.
  2. Minimum age (password-min-age) - How long in days administrators must use a password before they can change it. The default value is 1, the minimum is 0, the maximum is 60.
  3. Maximum age (password-max-age) - How long in days before administrators are forced to change their passwords. The default value is 60, the minimum is 0, the maximum is 60.
  4. Advance warning (advance-warning-period) - How long in days administrators are warned that their passwords are about to expire. The default value is 15, the minimum is 0, the maximum is 60.
  5. History (number-of-passwords-to-remember) - Whether to enable password history. This is enabled by default.
  6. Passwords to remember - the number of previous passwords to store. The default is 5, the minimum is 0, the maximum is 30. If this is set to 0 then no passwords will be stored and all previous passwords are deleted.
  7. Complexity (enable-complex-password) - Whether to enable password complexity. This is enabled by default. When enabled, administrator passwords must contain the following. Note that no further customization of these settings is available:
    • At least one digit.
    • At least one upper case letter.
    • At least one lower case letter.
    • At least one special character.
  8. Minimum length (password-min-length) - The minimum number of characters in the password. The default is 8, the minimum is 8, the maximum is 128.
  9. CAPTCHA Enforcement (attempts-without-captcha) - The number of failed attempts made before the CAPTCHA requirement appears.
    With -1 or 0, CAPTCHA is always enabled. If you set this to 1, you are prompted to enter the CAPTCHA after 1 failed attempt. Setting this to 10 causes the CAPTCHA to appear after 10 failed attempts.

To modify the above settings, please reach out to Symantec Encryption Support for further guidance.
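
The following is an added example, not part of the original article and not Symantec code: a Python pre-check that tests proposed values against the documented ranges, tests a candidate administrator password against the complexity rules, and works out the aging dates for a password set on a given day. The dictionary layout, the function names, the ASCII definition of "special character" (string.punctuation) and the plain day arithmetic are assumptions; the article does not describe how the server stores or evaluates these settings.

```python
import string
from datetime import date, timedelta

# (default, minimum, maximum) as documented in the list above.
DOCUMENTED = {
    "password-min-age": (1, 0, 60),
    "password-max-age": (60, 0, 60),
    "advance-warning-period": (15, 0, 60),
    "password-min-length": (8, 8, 128),
}
DEFAULTS = {name: spec[0] for name, spec in DOCUMENTED.items()}

# Assumption: ASCII character classes; "special" means string.punctuation.
RULES = [
    ("digit", string.digits),
    ("upper case letter", string.ascii_uppercase),
    ("lower case letter", string.ascii_lowercase),
    ("special character", string.punctuation),
]

def out_of_range(settings):
    """Return the sorted names of settings outside their documented range."""
    bad = []
    for name, value in settings.items():
        _, low, high = DOCUMENTED[name]
        if not low <= value <= high:
            bad.append(name)
    return sorted(bad)

def complexity_failures(password, min_length=DEFAULTS["password-min-length"]):
    """Return the unmet requirements; an empty list means the password passes."""
    failures = [] if len(password) >= min_length else ["length"]
    for label, charset in RULES:
        if not any(ch in charset for ch in password):
            failures.append(label)
    return failures

def lifecycle(set_on, settings=DEFAULTS):
    """Dates at which each aging setting takes effect for a password set on set_on."""
    max_age = settings["password-max-age"]
    warn = settings["advance-warning-period"]
    return {
        "earliest_change": set_on + timedelta(days=settings["password-min-age"]),
        "warning_starts": set_on + timedelta(days=max_age - warn),
        "expires": set_on + timedelta(days=max_age),
    }

if __name__ == "__main__":
    print(out_of_range({"password-max-age": 90, "password-min-length": 6}))
    print(complexity_failures("password"))  # constructed sample input
    print(lifecycle(date(2024, 1, 1)))
```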

________________________________________________________________________________________________________________

If you would like to be able to configure a Login Banner, with a customized window for the PGP Encryption Server, please reach out to Symantec Encryption Support.
IMSFR-19

Additional Information

171746 - PGP Administrator Password Complexity Enforcement via AD Admins (Directory Authentication) for PGP Encryption Server

153670 - PGP Encryption Server Administrator Roles (Symantec Encryption Management Server)

180239 - HOW TO: Enable Directory Synchronization on the PGP Encryption Server (Symantec Encryption Management Server)

180156 - Obtain the Base DN or Bind DN Attributes for LDAP Directory Synchronization for PGP Encryption Server

153668 - Enroll PGP Encryption Desktop clients using Directory Authentication with PGP Encryption Server (Symantec Encryption Management Server)

153425 - Troubleshooting: PGP Encryption Desktop Client Enrollment (Symantec Encryption Desktop)

171744 - PGP Administrator Password Complexity Enforcement via Passphrase Authentication (Manual Password Assignment)

216163 - Reset Password for Administrators on Symantec Encryption Management Server (PGP Server)

197991 - PGP Encryption Server Directory Synchronization cannot use IP address for LDAPS (Symantec Encryption Management Server)

EPG-23736
EPG-23711
EPG-23710
ISFR-1795/EPG-23755
ISFR-2458/EPG-29427