Password policy

Table of contents

• Overview
• Example configuration
• Configuration properties
• Applying password policy

Overview

This document provides guidelines for configuring the password policy in CloudBeaver. Administrators can define rules for user passwords to enhance security and comply with organizational requirements. These settings, applied globally, ensure passwords meet the specified standards during creation and update processes.

For more details on configuration, see the CloudBeaver server configuration.

Example configuration

The Password Policy configuration is located under the server.sm section of the main server configuration file.

sm: {
    enableBruteForceProtection: "${CLOUDBEAVER_BRUTE_FORCE_PROTECTION_ENABLED:true}",
    expiredAuthAttemptInfoTtl: "${CLOUDBEAVER_EXPIRED_AUTH_ATTEMPT_INFO_TTL:60}",
    maxFailedLogin: "${CLOUDBEAVER_MAX_FAILED_LOGINS:10}",
    minimumLoginTimeout: "${CLOUDBEAVER_MINIMUM_LOGIN_TIMEOUT:1}",
    blockLoginPeriod: "${CLOUDBEAVER_BLOCK_PERIOD:300}",
    passwordPolicy: {
        minLength: "${CLOUDBEAVER_POLICY_MIN_LENGTH:8}",
        requireMixedCase: "${CLOUDBEAVER_POLICY_REQUIRE_MIXED_CASE:true}",
        minNumberCount: "${CLOUDBEAVER_POLICY_MIN_NUMBER_COUNT:1}",
        minSymbolCount: "${CLOUDBEAVER_POLICY_MIN_SYMBOL_COUNT:0}"
    }
}

Configuration properties

Name	Environment Variable	Description
minLength	CLOUDBEAVER_POLICY_MIN_LENGTH	Specifies the minimum length requirement for user passwords.
requireMixedCase	CLOUDBEAVER_POLICY_REQUIRE_MIXED_CASE	Enforces the use of both uppercase and lowercase letters in passwords.
minNumberCount	CLOUDBEAVER_POLICY_MIN_NUMBER_COUNT	Sets the minimum number of numeric characters required in passwords.
minSymbolCount	CLOUDBEAVER_POLICY_MIN_SYMBOL_COUNT	Defines the minimum number of special symbols required in passwords.
enableBruteForceProtection	CLOUDBEAVER_BRUTE_FORCE_PROTECTION_ENABLED	Enables brute force protection for login attempts.
expiredAuthAttemptInfoTtl	CLOUDBEAVER_EXPIRED_AUTH_ATTEMPT_INFO_TTL	Time-to-live (TTL) for expired authentication attempt information (in minutes).
maxFailedLogin	CLOUDBEAVER_MAX_FAILED_LOGINS	Maximum number of allowed failed login attempts before blocking access.
minimumLoginTimeout	CLOUDBEAVER_MINIMUM_LOGIN_TIMEOUT	Minimum timeout duration (in minutes) before the next login attempt.
blockLoginPeriod	CLOUDBEAVER_BLOCK_PERIOD	Period (in seconds) for which a login is blocked after maximum failed attempts.

Applying password policy

The configured password policy will be applied during password create and change processes. The CloudBeaver will check the entered passwords against the defined policy, and users will be prompted to update their passwords if they do not meet the specified requirements.