How to set up a password policy in Artifactory? [Video]

Daniel Poterman
2021-02-02 14:46

In this short video we will demonstrate how we can configure a custom password policy for Artifactory users in terms of length and complexity. This will allow the Artifactory admins to ensure that their users will set a more secure and complex passwords.

 

Video Transcription

Hi, my name is Daniel from JFrog Support. In this short video, I will show how to set up a password policy for Artifactory users. The main reason to configure this option is to make sure that the users will use a more complex and secure passwords.

In order to set it up, we will need an up and running Artifactory server with access to the hosting machine. The password policy should be configured in a file called access.config.latest.yml, which is located in the JFroghome/Artifactory/etc/access. Now, we will edit this file using Vim.

We’ll go ahead and add the following parameters. In this case, I am setting the minimum parameters to one. This means that the password will have to contain at least one uppercase letter, one lowercase letter, and one digit. Now, we’ll save the file and exit from text editor.

Pay attention to this part, as it is crucial. In order for the changes to take effect, we need to rename the access.config.latest.yml file to access.config.import.yml. Now, we’ll restart Artifactory and take a look at our new password policy.

We’ll go ahead and try to edit the user password using only lowercase letters. As you can see, we get an error that says that the new password doesn’t qualify the password policy. Now, we will go ahead and use a password that matches the configured policy: Successfully updated the user password. This concludes our short tutorial. You can find more information about these settings and others in the link in the description below. Thank you.