The password policy in Artifactory can be configured to meet your organization's security policy. By default, when a new user is created in Artifactory, the password must include the following.
Password Must Include:
- At least 1 upper case letter
- At least 1 lower case letter
- At least 1 digit
- At least 1 special character
- At least 8 characters long
The default policy can be changed according to your organization's security policy by editing the Access YAML file as shown below.
For example, suppose the required password policy is:
- At least 1 upper case letter
- At least 1 lower case letter
- At least 2 digits
- At least 2 special characters
- At least 8 characters long
To modify the default policy, edit access.config.latest.yml, then follow the steps in the file's header comments: rename the file to access.config.import.yml and restart Artifactory. Each value is the minimum count required. If you need one special character, set the value to 1. If your policy does not require a special character, set it to zero.

```
vi $JFROG_HOME/artifactory/var/etc/access/access.config.latest.yml
```

```
# DO NOT IMPORT THIS FILE.
# This file describes the JFrog Access YAML configuration file and should only be
# as a reference.
#
# To change the configuration in an Access service, follow these instructions:
# 1. Find the value you want to update
# 2. Set the value in the access.config.latest.yml file under [$JFROG_HOME]/artifactory/var/etc/access
# 3. Change access.config.latest.yml to access.config.import.yml
# 4. Restart Artifactory
---
security:
  password-policy: # users' password policy
    uppercase: 1 # minimum number of uppercase letters that the password must contain
    lowercase: 1 # minimum number of lowercase letters that the password must contain
    special-char: 2 # minimum number of special char that the password must contain. Special chars list between double quotes " !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~"
    digit: 2 # minimum number of digits that the password must contain
    length: 8 # minimum length of the password
    cannot-match-username: true # If true, the password cannot be changed to match the username (case insensitive)
    not-match-old: true # should access allow setting a new password to the same one currently set for the user
```
The new password policy takes effect after the restart. The screenshot below shows the result after the change.
Output:
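A local pre-check of candidate passwords against the example policy above, for use in provisioning scripts before a password is submitted to Artifactory. This is an added example, not part of the original article or JFrog's code. The function name and sample passwords are hypothetical, and it assumes that character classes are counted the way Python's str methods count them and that `not-match-old: true` rejects reuse of the current password.

```python
import string

# Policy values copied from the example access.config YAML on this page.
POLICY = {
    "uppercase": 1,
    "lowercase": 1,
    "special-char": 2,
    "digit": 2,
    "length": 8,
    "cannot-match-username": True,
    "not-match-old": True,
}

# Special characters listed in the file's comment: a space plus ASCII punctuation.
SPECIAL_CHARS = " " + string.punctuation


def policy_violations(password, username, old_password=None, policy=POLICY):
    """Return the policy keys that the candidate password fails (empty list = pass)."""
    counts = {
        "uppercase": sum(c.isupper() for c in password),
        "lowercase": sum(c.islower() for c in password),
        "special-char": sum(c in SPECIAL_CHARS for c in password),
        "digit": sum(c.isdigit() for c in password),
        "length": len(password),
    }
    # Each numeric setting is a minimum; a missing key or 0 disables that rule.
    failed = [key for key, have in counts.items() if have < policy.get(key, 0)]
    # The page documents the username comparison as case insensitive.
    if policy.get("cannot-match-username") and password.lower() == username.lower():
        failed.append("cannot-match-username")
    # Assumption: true means the current password may not be set again.
    if policy.get("not-match-old") and old_password is not None and password == old_password:
        failed.append("not-match-old")
    return failed


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for candidate in ("Passw0rd!", "Pa55word!#", "deploy-bot"):
        print(repr(candidate), policy_violations(candidate, "deploy-bot") or "OK")
```
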