Complex administrator passwords are not enforced in Encryption Management Server

Article ID: 171746

Products

Encryption Management Server, Gateway Email Encryption

Issue/Introduction

Symantec Encryption Management Server administrator accounts do not have password complexity requirements by default in releases prior to 3.4.2.

Cause

This is by design.

Environment

Encryption Management Server prior to release 3.4.2.

Resolution

Upgrade to Encryption Management Server release 3.4.2 or above. Starting with release 3.4.2, password complexity is enabled by default. See article TECH250466 for further details.

Alternatively, in releases prior to 3.4.2, use the following steps to enforce password complexity:

  1. Connect to the server with SSH or PuTTY, following the steps in article TECH149673.
  2. Back up the omf.properties file:
    cp /etc/ovid/omf.properties /etc/ovid/omf.properties.bak
  3. Edit /etc/ovid/omf.properties
  4. Add the following line somewhere in the file and save it:
    omf.strong.admin.passphrases=true
  5. Restart the tomcat and httpd services:
    pgpsysconf --restart tomcat
    pgpsysconf --apache

For assistance modifying this setting, please contact Symantec Technical Support.
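
Steps 2 to 4 above as an idempotent script, added here as an example and not Symantec's own tooling: `is_enforced` audits the file and `enforce` applies the change. The function names and the handling of commented-out or duplicate keys (last active assignment wins, as in Java properties files) are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): audit and apply omf.strong.admin.passphrases.
KEY='omf.strong.admin.passphrases'
KEY_RE='^[[:space:]]*omf\.strong\.admin\.passphrases[[:space:]]*='

# Print the effective value: the last active (uncommented) assignment.
# Assumption: Java properties semantics, where the last duplicate wins.
effective_value() {
    grep -E "$KEY_RE" "$1" | tail -n 1 |
        sed -E 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//'
}

# Succeed only if the setting is effectively "true".
is_enforced() {
    [ "$(effective_value "$1")" = "true" ]
}

# Steps 2-4: back up, drop stale assignments, add the line, verify.
enforce() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    is_enforced "$file" && return 0            # already compliant: no change
    cp -p "$file" "$file.bak" || return 1      # step 2: backup
    tmp=$(mktemp) || return 1
    # Remove active assignments such as "=false"; commented lines are kept.
    sed -E "/$KEY_RE/d" "$file" > "$tmp" || return 1
    # A last line without a newline would swallow the appended setting.
    [ -z "$(tail -c 1 "$tmp")" ] || echo >> "$tmp"
    printf '%s=true\n' "$KEY" >> "$tmp"
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    is_enforced "$file"
}
```

Call `enforce /etc/ovid/omf.properties` as root, then restart the services as in step 5; `is_enforced` alone can be used to audit a server without changing it.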

After taking these steps, a new passphrase for an administrator must meet all of the following requirements:

  • at least 8 characters long.
  • at least one lower case letter.
  • at least one upper case letter.
  • at least one number.
  • at least one special character.

Note that in release 3.4.2 and above, administrator password settings are configured in the file /etc/ovid/prefs.xml rather than /etc/ovid/omf.properties.