Issue/Symptom/Question

I would like to know what the limits and some of their descriptions are for Penta password security.

Applies To

Penta for Windows (PfW)

System Management > System Rules > Password Configuration

Resolution/Fix/Answer

The Password Configuration window allows you to establish parameters for creating and maintaining PENTA and server passwords. This window allows you to comply with commonly accepted password standards and helps protect information within PENTA from unauthorized disclosure or changes. 

Penta Password:

• Number of days before password will expire - Quantify the days that will pass before the password expires. Enter a whole number greater than zero that is less than the “Number of days before account is locked out” field value.
• Numbers of days before account is locked out - Quantify the days that will pass before PENTA prevents you from logging in with an unchanged password. Enter an integer between 0 and 999 that is greater than the “Number of days before password will expire” field value.
• Minimum password length - Quantify the minimum character length allowed for a password. Enter an integer between 1 and 10 (Penta version 26.1 and up, the maximum characters is 16). The sum of the values for “Minimum number of alpha characters in password” + “Minimum number of numeric characters in password” must be less than or equal to this field’s value. See this article related to password length and characters to avoid: Maximum characters in a PENTA password
• Minimum number of letter characters in password - Quantify the minimum number of letter characters allowed for each password. Enter an integer between 0 and 10 (Penta version 26.1 and up, the maximum characters is 16). The sum of the values for “Minimum number of alpha characters in password” + “Minimum number of numeric characters in password” must be less than or equal to the “Minimum password length.”
• Minimum number of non-letter characters in password - Quantify the minimum number characters allowed for each password. Enter a value between 0 and 10 (Penta version 26.1 and up, the maximum characters is 16). The sum of the values for “Minimum number of alpha characters in password” + “Minimum number of numeric characters in password” must be less than or equal to “Minimum password length.”
• Minimum number of character differences to previous passwords - Quantify the minimum number of different characters PENTA allows between a new password and the previous password. Enter an integer between 1 and 10 (Penta version 26.1 and up, the maximum characters is 16).
• Minimum days a password must exist before changing - Quantify the minimum number of days that will pass before PENTA allows you to change the password. Enter an integer between 1 and 999. This parameter controls how often users can change their passwords. This prevents users from bypassing the “Number of previous passwords used to validate password uniqueness” parameter (see below) by changing their passwords enough times in order to re-use their old passwords.
• Number of invalid attempts before lockout - Quantify the number of failed attempts to change a password PENTA allows before locking a user out of the secured account. Once PENTA locks a user out of his/her account due to this parameter, your PENTA Administrator must reset the user’s password. Enter a value that is greater than zero.
• Number of previous passwords used to validate password uniqueness - Quantify the number of previous passwords PENTA will check when validating a new password. This value prevents you from reusing and old password. Enter a number that is greater than zero.

Server Password:

• Number of days before password will expire - Quantify the days the server password is active before users must create a new password. Enter an integer between 0 and 999.

NOTE: For server password, this is the Linux account and password that this Penta account uses to connect to the Linux server. This is needed for some windows that use the character Penta application running on the Linux server. You can enforce this complexity directly through Linux. if this expires some windows will not work (Define users is an example)

For the password policies, we recommend tying in Penta authorization to your AD accounts, if that is viable for you. This would allow you to enforce password policies through AD, give you a centralized place, and offers more controls over password rules than PfW.