
T.Commander password policies

TASSTA software has a built-in validation system that rejects the most common and weak passwords, which are the ones most easily guessed in brute-force attacks. The standard password requirements are:

  • It should be at least eight characters long on all systems. Can be changed on request.
  • It should not be a dictionary word or proper name (e.g. cat, hightree, 12345678). This requirement can be waived on request.
  • It should not be the same as the User ID.
  • It should expire within a maximum of 90 calendar days. Can be changed on request.
  • It should not be identical to any of the previous ten passwords.
  • It should not be transmitted in plain text outside the secure location.
  • It should not be displayed when entered.

These password policy settings apply to T.Commander users and to password changes by T.Flex, T.Rodon and T.Bridge users.

Before you begin, make sure you have a valid keystore with a correctly issued key and certificate pair.

Here is an example of a password policy definition:

com.tassta.policy.pwd.enabled=true
com.tassta.policy.pwd.use-dictionary=true
com.tassta.policy.pwd.length=8
com.tassta.policy.pwd.history-depth=10
com.tassta.policy.pwd.dictionary-path=classpath:pwddic/*
com.tassta.policy.pwd.days=30

Options and their meaning:

  • com.tassta.policy.pwd.enabled: Whether the password policy is enabled (disabled by default in versions older than 3.5.3, enabled by default in version 3.5.3 and later)
  • com.tassta.policy.pwd.use-dictionary: Whether to check that the password is not a dictionary word or proper name
  • com.tassta.policy.pwd.dictionary-path: Absolute path to the dictionary (T.Commander uses a default password dictionary with 1 million common passwords)
  • com.tassta.policy.pwd.length: Minimum allowed password length (the value is also used for password generation)
  • com.tassta.policy.pwd.history-depth: Number of previous passwords (N) that a new password must not be identical to (the default value is 10)
  • com.tassta.policy.pwd.days: How many days the password can be used before it expires (the default is 90 days)

Any changes to the configuration require a server restart.

restart-commander

In addition, open /usr/local/tassta/configserver/config.xml, locate <group>amgw</group> and add / change the following lines:

<setting>
<name>check_pwd_history</name>
<value>true</value>
</setting>
<setting>
<name>pwd_history_depth</name>
<value>1</value>
</setting>

Any changes to the configuration require a server restart.

restart-amgwserver
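
As an added example (not TASSTA code), the following Python script audits the com.tassta.policy.pwd.* options of an application.properties file against the standard requirements and documented defaults given above. The function names, the finding texts and the sample input are assumptions made for illustration.

```python
# Added example (not TASSTA code): audit the pwd policy options shown above.
PREFIX = "com.tassta.policy.pwd."

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return findings; an empty list means the page's baseline is met."""
    props = parse_properties(text)
    get = lambda name: props.get(PREFIX + name)
    findings = []
    # 'enabled' defaults to off before 3.5.3, so an unset key is reported.
    if get("enabled") is None:
        findings.append("enabled: not set, default depends on version")
    elif get("enabled").lower() != "true":
        findings.append("enabled: policy is switched off")
    if (get("use-dictionary") or "").lower() != "true":
        findings.append("use-dictionary: dictionary check not explicitly enabled")
    # (option, documented default, baseline, True if baseline is a maximum)
    for name, default, limit, is_max in (
        ("length", None, 8, False),
        ("history-depth", 10, 10, False),
        ("days", 90, 90, True),
    ):
        raw = get(name)
        try:
            value = int(raw) if raw is not None else default
        except ValueError:
            findings.append(f"{name}: '{raw}' is not an integer")
            continue
        if value is None:
            findings.append(f"{name}: not set, no documented default")
        elif (value > limit) if is_max else (value < limit):
            findings.append(f"{name}: {value} is weaker than baseline {limit}")
    return findings

# Constructed sample, not taken from a real server.
SAMPLE = ("com.tassta.policy.pwd.use-dictionary=false\n"
          "com.tassta.policy.pwd.length=6\ncom.tassta.policy.pwd.days=120\n")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To check a server, pass the contents of /usr/local/tassta/tc/bin/config/application.properties to audit().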

Password policy option locations

For T.Flex, T.Rodon and T.Bridge users:

  • Password length: /usr/local/tassta/tc/bin/config/application.properties
  • Password history use and depth: /usr/local/tassta/tc/bin/config/application.properties and /usr/local/tassta/configserver/config.xml
  • Password dictionary use and dictionary: /usr/local/tassta/tc/bin/config/application.properties
  • Password expiration: /etc/tassta-server.ini

For T.Commander users:

  • Password length: /usr/local/tassta/tc/bin/config/application.properties
  • Password history use and depth: /usr/local/tassta/tc/bin/config/application.properties and /usr/local/tassta/configserver/config.xml
  • Password dictionary use and dictionary: /usr/local/tassta/tc/bin/config/application.properties
  • Password expiration: /usr/local/tassta/tc/bin/config/application.properties (com.tassta.policy.pwd.days option)