5 2 0:Password Management
Overview
|
Visit SEP sesam YouTube Channel for latest videos and webinars. |
|
Check FAQ to find the answers to most common questions. |
|
Problems? See the Troubleshooting Guide. |
|
If you are using an older SEP sesam version, refer to Documentation archive. |
Password management is important for protecting sensitive data from unauthorized access, maintaining the security and integrity of SEP sesam. It involves implementing policies that enforce password complexity and protection to ensure reliable authentication and prevent unauthorized access or compromizing user accounts.
SEP sesam strenghtens password security by providing configurable options for complexity requirements, password expiration settings, and automatic account locking after multiple failed login attempts. Enforcing strong password policies helps reduce the risks of compromise through brute-force attacks or credential theft.
For added security, SEP sesam also supports two-factor authentication, providing an additional layer of security and ensuring reliable verification of the user’s identity.
Key features
- Configurable password complexity requirements, including rules for minimum length, required character types (uppercase, lowercase, digits, special characters), and specification of allowed special characters, including spaces.
- Customizable password expiration dates to enforce periodic password changes and enhance security.
- Automatic user account locking after a specified number of consecutive failed login attempts to prevent unauthorized access.
- Password reset functionality with automatic generation of random passwords.
- Only Administrators with superuser privileges can configure password management rules and reset passwords for other users.
Configuring password requirements
SEP sesam offers advanced password management options that allow administrators to enforce password complexity requirements and customize security policies.
Password complexity requirements
SEP sesam allows administrators to define specific password complexity rules to enhance password strength and security. These requirements can be configured using the following global settings:
- Minimum and maximum password length: The settings gui.auth.pw.min_chars and gui.auth.pw.max_chars define the minimum and maximum length of a password. The default minimum length is 8 characters.
- Required character types: The following settings specify the required number of each character type to be included in passwords:
- gui.auth.pw.min_uppercase — uppercase letters
- gui.auth.pw.min_lowercase — lowercase letters
- gui.auth.pw.min_numbers — numbers
- gui.auth.pw.min_special_chars — special characters
- Allowed special characters: The setting gui.auth.pw.special_chars defines the list of special characters permitted in a password.
- Allowed spaces: The setting gui.auth.pw.allow_space determines whether spaces are allowed in passwords.
Account locking
To prevent automated, brute-force attacks and unauthorized access attempts, SEP sesam allows administrators to define the maximum number of consecutive failed login attempts before an account is locked. Once this limit is reached, the user account is automatically locked, and the user must contact the administrator to unlock the account and regain access.
The setting gui.auth.pw.max_failure_count specifies the allowed number of consecutive failed login attempts before locking the account. The default value is 5.
To unlock an account, in the GUI menu bar navigate to Configuration -> Permission Management. Select the user and uncheck the User Locked option.
Screenshots
Password expiration
To improve password security and enforce regular password changes, you can configure a specific password expiration date for individual users. Once the expiration date is reached, the user must change their password to continue using SEP sesam.
To set the password expiration date, in the GUI menu bar navigate to Configuration -> Permission Management. Select the user and enter the required date in the Expiration day of the password field. Click the downward arrow to open the calendar and select the date. If the field is left empty, the password will not expire.
Screenshots
Resetting user password
To reset the password of another user, you must have superuser privileges. In the process SEP sesam generates a random password, which you send to the user. The user can use the generated password to log in and then change it to a new personal one. The password can be reset in the GUI or in the command line.
Resetting password in the GUI
To reset the password for a user in the GUI follow the procedure below:
- From the menu bar select Configuration ‐> Permission Management. The Permission Management window opens.
- Double-click the user for which you want to reset the password, or select the user and click Change.
- In the Change User window, click Reset Password.
- Click Yes to confirm the action.
- Copy the generated password and send it to the user. Then click OK to apply the changes.
Screenshots
Screenshots
Screenshots
Screenshots
Resetting password in the command line
To reset a user password, log in to SEP sesam Server console and enter the following command:
sm_cmd reset user <ID or name>
The command resets the password and generates a new random password, which can be sent to the user.
Example:
In this example, the user name is mustermann.
sm_cmd reset user mustermann C:\Program Files\SEPsesam\bin\sesam>sm_cmd reset user mustermann bouryper39
Changing your password
To change your own user password in the GUI follow the procedure below:
- From the menu bar select Configuration ‐> Change Password. The Change Password window opens.
- Enter your current password. Then enter your new password and repeat the new password to confirm the change.
- Click OK to apply the change.
Screenshots
See also
Configuring Database-Based Authentication — Configuring Policy-Based Authentication — Configuring Multi-Factor Authentication — User Roles and Permissions