HPE Community
StoreVirtual Storage
1751833 Members
5192 Online
108782 Solutions
New Discussion

Re: Feature Request - External AD Authentication Complex Passwords

 
BG76
Occasional Collector

‎11-21-2016 02:14 PM

‎11-21-2016 02:14 PM

Feature Request - External AD Authentication Complex Passwords

Hello,

I have a VSA 12.6 implementation that I just integrated into our AD. However, I noticed when I logged in using my AD credentials, which has a period in the password, I get an error message stating that passwords with a "." are not permitted.

I opened a ticket, and support advised that no passwords, even externally authenticated AD passwords, can have special characters, like a period, in them.

We try to use complex passwords, which may contain some of these characters that are not permitted, in our AD environment. I don't know if this is the correct place for feature requests, but I would like to request that AD integrated logins not be bound by those password restrictions in order to maintain password complexity.

Thanks

0 Kudos
Reply
1 REPLY 1
Stor_Mort
HPE Pro

‎11-28-2016 10:28 AM

‎11-28-2016 10:28 AM

Re: Feature Request - External AD Authentication Complex Passwords

Hi BG76,

Thanks for your comment and request. The special character restrictions for passwords are the union of LeftHand OS (Linux) and Microsoft AD password constraints. We have asked the devs for a simpler, less restrictive policy, but they declined. It was pointed out that a longer random password with a slightly limited symbol set is equivalent to a shorter more complex password. Requiring a longer password, even with a smaller symbol set, is effective protection against password cracking attacks.

And password attacks are just one way of gaining access. You also need to protect against social engineering and many other vectors which are arguably more effective (and faster) than password cracking, which may be one of the less important vulnerabilities today. But it takes time for policy to catch up with reality.

I am an HPE employee - HPE SImpliVity Support

Accept or Kudo

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.